Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
Cream Blog: Incorrect Access Control Allows Unauthorized Access
CVE-2026-39648
Summary
A security issue in Cream Blog, a theme used in WordPress, allows unauthorized access to sensitive areas. This puts sensitive information at risk if an attacker gains access. Update to version 2.1.8 or later to fix this issue.
Original title
Missing Authorization vulnerability in themebeez Cream Blog cream-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Blog: from n/a through <= 2.1.7.
Original description
Missing Authorization vulnerability in themebeez Cream Blog cream-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Blog: from n/a through <= 2.1.7.
Vulnerability type
CWE-862
Missing Authorization
Published: 8 Apr 2026 · Updated: 10 Apr 2026 · First seen: 8 Apr 2026