Description
Missing Authorization vulnerability in Sparkle WP MetroStore metrostore allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects MetroStore: from n/a through 1.3.2.
Published: 2026-06-11
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 12 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Sparkle Wp
Sparkle Wp metrostore
Wordpress
Wordpress wordpress
Vendors & Products Sparkle Wp
Sparkle Wp metrostore
Wordpress
Wordpress wordpress

Thu, 11 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 11 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Sparkle WP MetroStore metrostore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MetroStore: from n/a through 1.3.2.
Title WordPress MetroStore theme <= 1.3.2 - Broken Access Control
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


Subscriptions

Sparkle Wp Metrostore
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-11T16:03:17.760Z

Reserved: 2023-05-16T09:52:27.426Z

Link: CVE-2023-32959

cve-icon Vulnrichment

Updated: 2026-06-11T16:03:14.293Z

cve-icon NVD

Status : Deferred

Published: 2026-06-11T12:16:29.873

Modified: 2026-06-11T14:42:47.007

Link: CVE-2023-32959

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-12T20:18:15Z

Weaknesses