Newses
Monthly
Missing Authorization in the Newses WordPress theme (Themeansar) through version 2.0.0.77 permits low-privileged authenticated users to exploit incorrectly configured access control security levels, resulting in partial integrity and availability impact. The flaw, reported by Patchstack and tracked under ENISA EUVD-2026-31747, allows an authenticated attacker to perform actions beyond their intended permission scope without proper authorization checks. No public exploit code or active exploitation has been identified at time of analysis, and all available signals - EPSS at 0.04%, SSVC exploitation status of 'none', and Automatable: no - indicate limited real-world threat at this time.
Missing Authorization in the Newses WordPress theme (Themeansar) through version 2.0.0.77 permits low-privileged authenticated users to exploit incorrectly configured access control security levels, resulting in partial integrity and availability impact. The flaw, reported by Patchstack and tracked under ENISA EUVD-2026-31747, allows an authenticated attacker to perform actions beyond their intended permission scope without proper authorization checks. No public exploit code or active exploitation has been identified at time of analysis, and all available signals - EPSS at 0.04%, SSVC exploitation status of 'none', and Automatable: no - indicate limited real-world threat at this time.