Access Control Issues in Book Landing Page by raratheme
CVE-2026-32378

5.3MEDIUM

Key Information:

Vendor: WordPress
Status: Book Landing Page
Vendor: CVE Published:; 13 March 2026

What is CVE-2026-32378?

The Book Landing Page theme developed by raratheme suffers from a missing authorization vulnerability due to incorrectly configured access control security settings. This flaw allows unauthorized users to exploit the system, potentially leading to sensitive information exposure and unauthorized actions. Affected versions include all versions up to and including 1.2.7. It is crucial for users to review their configurations and apply necessary updates to mitigate these risks.

Affected Version(s)

Book Landing Page 0 <= 1.2.7

References

https://patchstack.com/database/Wordpress/Theme/book-land...

vdb-entry

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 13, 2026
Vulnerability Reserved
Mar 12, 2026

Credit

Trương Hữu Phúc (truonghuuphuc) | Patchstack Bug Bounty Program

CVE-2026-32378 Data

JSON

WordPress

What is CVE-2026-32378?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit