PatchSiren cyber security CVE debrief
CVE-2023-32959 Sparkle WP CVE debrief
A Missing Authorization vulnerability was discovered in the MetroStore theme for WordPress, affecting versions from n/a through 1.3.2. This vulnerability, tracked as CVE-2023-32959, has a CVSS score of 4.3 and is classified as MEDIUM severity. The issue allows for Exploiting Incorrectly Configured Access Control Security Levels.
- Vendor
- Sparkle WP
- Product
- MetroStore
- CVSS
- MEDIUM 4.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-11
- Original CVE updated
- 2026-06-11
- Advisory published
- 2026-06-11
- Advisory updated
- 2026-06-11
Who should care
Users of the MetroStore theme for WordPress, particularly those using versions from n/a through 1.3.2, should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability is caused by a Missing Authorization issue in the MetroStore theme. This allows attackers to exploit incorrectly configured access control security levels. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N.
Defensive priority
MEDIUM
Recommended defensive actions
- Update the MetroStore theme to a version that is not vulnerable.
- Review and correct access control configurations to prevent exploitation.
Evidence notes
Evidence for this CVE comes from the National Vulnerability Database (NVD) and Patchstack.
Official resources
-
CVE-2023-32959 CVE record
CVE.org
-
CVE-2023-32959 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2023-32959 was published on 2026-06-11T12:16:29.873Z and modified on 2026-06-11T14:42:47.007Z.