CVE-2026-57779
Received Received - Intake

Missing Authorization in Fascinate Theme

Vulnerability report for CVE-2026-57779, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-13

Last updated on: 2026-07-13

Assigner: Patchstack

Description

Missing Authorization vulnerability in themebeez Fascinate fascinate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fascinate: from n/a through <= 1.1.5.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-13
Last Modified
2026-07-13
Generated
2026-07-13
AI Q&A
2026-07-13
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
themebeez fascinate From 1.1.5 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Impact Analysis

This vulnerability allows attackers to perform higher-privileged actions without authentication, potentially compromising the security of affected websites. Although classified as low severity with a CVSS score of 5.3, it could be exploited in mass campaigns targeting thousands of websites. Simply deactivating the theme does not fully mitigate the risk unless additional security rules are applied.

  • Unauthorized users can gain elevated access.
  • Potential exploitation in large-scale attacks.
  • Risk remains if the theme is only deactivated without further protections.
Detection Guidance

The vulnerability allows unauthenticated users to perform higher-privileged actions due to missing authorization checks in the WordPress Fascinate Theme versions 1.1.5 and below.

Detection involves checking if your system is running the Fascinate theme version 1.1.5 or below and testing for unauthorized access to privileged actions.

Since the theme lacks nonce token checks and proper authentication, you can attempt to access administrative or restricted theme functions without logging in.

Specific commands are not provided in the resources, but you can use tools like curl or wget to send HTTP requests to theme endpoints and observe if unauthorized actions are permitted.

Mitigation Strategies

Immediate mitigation steps include updating the Fascinate theme to a version higher than 1.1.5 if available.

Since the theme has not received an official patch and no further support is expected, replacing the theme entirely with a secure alternative is recommended.

Deactivating the theme alone does not mitigate the threat unless additional security rules are deployed.

  • Update or replace the Fascinate theme.
  • Deploy additional access control rules or security plugins to restrict unauthorized access.
  • Monitor your website for unusual activity that may indicate exploitation attempts.
Executive Summary

The WordPress Fascinate Theme, versions 1.1.5 and below, contains a Broken Access Control vulnerability (CVE-2026-57779). This vulnerability arises from missing authorization, authentication, or nonce token checks, which allows unauthenticated users to perform actions that should require higher privileges.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57779. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart