CVE-2026-32381

Vulnerability

Overview

The App Landing Page theme for WordPress versions up to and including 1.2.2 contains a missing authorization vulnerability. This broken access control issue allows unprivileged users to execute actions that should require higher privileges, due to incorrect configuration of access control security levels [1].

Exploitation

Attackers can exploit this vulnerability without authentication, as the missing authorization checks can be triggered remotely. This type of flaw is commonly targeted in mass-exploit campaigns, where attackers scan for vulnerable sites to gain unauthorized access [1].

Impact

Successful exploitation enables an attacker to bypass access controls and perform actions intended for higher-privileged users. Depending on the affected functions, this could lead to unauthorized modification of theme settings, disclosure of sensitive information, or further compromise of the WordPress installation [1].

Mitigation

The vendor has not released a patch for this version. Users are strongly advised to update the theme to the latest available version as soon as possible. If updating is not feasible, consider disabling the theme or consulting a web developer for alternative security measures [1].