CVE-2026-22407
5.4 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): LOW
- Availability impact (A): NONE
WordPress Roam theme <= 2.1.1 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Roam roam allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Roam: from n/a through <= 2.1.1.
References
- https://patchstack.com/database/Wordpress/Theme/roam/vulnerability/wordpress-ro… vdb-entry
Affected products
roam
- <= 2.1.1
Matching in nixpkgs
- pkgs.geteduroam: GUI client to configure eduroam
- pkgs.roam-research: Note-taking tool for networked thought
- pkgs.geteduroam-cli: CLI client to configure eduroam
- pkgs.easyroam-connect-desktop: Manage and install your easyroam WiFi profiles
Package maintainers
- @MarchCraft Felix Nilles <felix@dienilles.de>
- @manyinsects liv <shadows@with.al>
- @pbsds Peder Bergebakken Sundt <pbsds@hotmail.com>
- @viperML Fernando Ayats <ayatsfer@gmail.com>
- @dbalan Dhananjay Balan <nix@dbalan.in>