CVE-2023-32959
Deferred - Pending Action
Missing Authorization in MetroStore WordPress Theme

Publication date: 2026-06-11

Last updated on: 2026-06-11

Assigner: Patchstack

Description
Missing Authorization vulnerability in Sparkle WP MetroStore metrostore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MetroStore: from n/a through 1.3.2.
Meta Information
Published: 2026-06-11
Last Modified: 2026-06-11
Generated: 2026-06-11
AI Q&A: 2026-06-11
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: patchstack
Product: metrostore
Version / Range: to 1.3.2 (inc)
CWE
CWE-862: The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Executive Summary

The vulnerability in the WordPress MetroStore Theme (version 1.3.2 and below) is a Missing Authorization or Broken Access Control issue. It allows unprivileged users to perform actions that should require higher privileges because the theme lacks proper authorization, authentication, or nonce token checks.

Impact Analysis

This vulnerability can allow attackers or unprivileged users to execute actions that normally require higher permissions, potentially leading to unauthorized changes or access within the website using the MetroStore theme. Since the theme has not been updated for over a year and may not be patched officially, the risk remains unless mitigations are applied or the theme is replaced.

Mitigation Strategies

To mitigate the Broken Access Control vulnerability in the WordPress MetroStore Theme (versions 1.3.2 and below), users should apply the mitigation rule provided by Patchstack to block attacks until an official patch is available.

Alternatively, users are advised to remove and replace the theme entirely, as simply deactivating the theme does not eliminate the threat.
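
Because a deactivated copy still counts, an inventory check has to look at the files on disk rather than at the active theme. The script below is an added example, not code from Patchstack or the theme vendor; it assumes the theme sits in the default wp-content/themes/metrostore directory and that its style.css carries the standard WordPress "Version:" header.

```shell
#!/usr/bin/env bash
# Added example: flag MetroStore theme copies at or below the last affected
# version (1.3.2), whether or not the theme is active.
# Assumptions: default directory wp-content/themes/metrostore, and a standard
# WordPress "Version:" header in the theme's style.css.

AFFECTED_MAX="1.3.2"

# Print the Version: header value from a style.css file (empty if absent).
theme_version() {
  awk -F: 'tolower($1) ~ /^[ \t*]*version[ \t]*$/ {
             gsub(/[ \t\r]/, "", $2); print $2; exit }' "$1"
}

# Return 0 when dotted version $1 <= $2, comparing fields numerically
# (so 1.10.0 is treated as later than 1.3.2, unlike a string compare).
version_le() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    for (i = 1; i <= (n > m ? n : m); i++) {
      if (x[i] + 0 < y[i] + 0) exit 0
      if (x[i] + 0 > y[i] + 0) exit 1
    }
    exit 0 }'
}

# Classify one WordPress root. Prints one of:
#   absent          theme directory not present
#   affected <ver>  version is within the stated range (through 1.3.2)
#   newer <ver>     version is above the stated range
#   unknown         directory present but no readable Version: header
check_metrostore() {
  local dir="$1/wp-content/themes/metrostore" ver=""
  [ -d "$dir" ] || { echo "absent"; return 0; }
  [ -f "$dir/style.css" ] && ver="$(theme_version "$dir/style.css")"
  if [ -z "$ver" ]; then echo "unknown"
  elif version_le "$ver" "$AFFECTED_MAX"; then echo "affected $ver"
  else echo "newer $ver"
  fi
}

# Usage: ./check_metrostore.sh /var/www/site1 /var/www/site2
for root in "$@"; do
  printf '%s: %s\n' "$root" "$(check_metrostore "$root")"
done
```

A result of "unknown" should be treated like "affected" until the copy is inspected by hand, since the directory is present but its version could not be read.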

Compliance Impact

The provided information does not specify how the Missing Authorization vulnerability in the MetroStore theme impacts compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

The vulnerability in the WordPress MetroStore Theme allows unprivileged users to perform higher-privileged actions due to missing authorization checks. Detection typically involves monitoring for unauthorized access attempts or suspicious activity targeting the theme's endpoints.

Since the theme has not been updated and no official patch is available, Patchstack recommends applying a mitigation rule to block attacks. Detection can be aided by inspecting web server logs for unusual requests or by using web application firewall (WAF) rules designed to identify exploitation attempts.

Specific commands are not provided in the available resources, but general approaches include:

  • Using tools like curl or wget to test access control by attempting to access restricted theme functions without proper authorization.
  • Reviewing web server access logs (e.g., using grep) for suspicious requests related to the MetroStore theme.
  • Implementing and monitoring WAF rules that detect and block unauthorized access attempts targeting the MetroStore theme.