CVE-2026-22447
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2026-22447, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-22

Last updated on: 2026-04-28

Assigner: Patchstack

Description

Missing Authorization vulnerability in Select-Themes Prowess prowess allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Prowess: from n/a through <= 1.8.1.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-22
Last Modified
2026-04-28
Generated
2026-07-06
AI Q&A
2026-01-22
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
select-themes prowess to 1.8.1 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-22447 is a Broken Access Control vulnerability in the WordPress Prowess Theme (versions up to 1.8.1). It occurs due to missing authorization, authentication, or nonce token checks in certain functions, which allows unauthenticated users to perform actions that should require higher privileges. [1]

Impact Analysis

This vulnerability can allow unauthorized users to perform privileged actions within the WordPress Prowess Theme, potentially leading to unauthorized changes or access. However, it has a low severity impact with a CVSS score of 4.3 and is considered unlikely to be exploited. [1]

Detection Guidance

This vulnerability can be detected by testing for missing authorization or broken access control in the WordPress Prowess Theme (version <= 1.8.1). Specifically, you can attempt to access or perform actions that require higher privileges without authentication to see if unauthorized access is possible. Since no official fix or detection scripts are provided, manual testing or custom scripts targeting the theme's functions for missing nonce or authentication checks would be necessary. No specific commands are provided in the available resources. [1]

Mitigation Strategies

Immediate mitigation steps include restricting access to the affected WordPress Prowess Theme functions by implementing proper authorization checks manually or disabling the theme until a patch is available. Since no official fix or patched version currently exists, monitoring for updates from the theme developer or Patchstack is recommended. Additionally, limiting user privileges and hardening WordPress security settings can reduce the risk of exploitation. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22447. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart