CVE-2026-39593 — VillaTheme HAPPY Vulnerability

/MEDIUM /CVSS 6.5/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
National Vulnerability Database vulnerabilitycvemedium-severitycwe-862
CVE-2026-39593 — VillaTheme HAPPY Vulnerability

CVE-2026-39593 — Missing Authorization vulnerability in VillaTheme HAPPY allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HAPPY: from n/a through 1.0.10.

What This Means For You

  • If your environment is affected by CWE-862, review your exposure and prioritize patching based on your environment. Monitor vendor advisories for CVE-2026-39593 updates and patches.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1068 Exploitation for Privilege Escalation Privilege Escalation

🛡️ Detection Rules

2 rules · 6 SIEM formats

2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

high T1190 Initial Access

CVE-2026-39593 - VillaTheme HAPPY Unauthenticated Access to Sensitive Functionality

Sigma YAML — free preview 
title: CVE-2026-39593 - VillaTheme HAPPY Unauthenticated Access to Sensitive Functionality
id: scw-2026-05-21-ai-1
status: experimental
level: high
description: |
  This rule detects attempts to exploit CVE-2026-39593 by targeting the 'happy_elementor_get_controls' AJAX action via '/wp-admin/admin-ajax.php'. The vulnerability allows unauthenticated users to access sensitive functionality due to missing authorization checks, potentially leading to further compromise.
author: SCW Feed Engine (AI-generated)
date: 2026-05-21
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-39593/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
    category: webserver
detection:
  selection:
      cs-uri|contains:
          - '/wp-admin/admin-ajax.php'
      cs-uri-query|contains:
          - 'action=happy_elementor_get_controls'
      cs-method|exact:
          - 'POST'
  condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse

✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM →

Indicators of Compromise

IDTypeIndicator
CVE-2026-39593 vulnerability CVE-2026-39593
CWE-862 weakness CWE-862

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedMay 21, 2026 at 21:16 UTC

This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.

Believe this infringes your rights? Submit a takedown request.

Related coverage

CVE-2026-48247 — Open ISES Tickets before 3.44.2 disables TLS certificate

CVE-2026-48247 — Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/functions.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound...

vulnerabilityCVEmedium-severitycwe-295
/SCW Vulnerability Desk /MEDIUM /5.9 /⚑ 2 IOCs /⚙ 2 Sigma

CVE-2026-48246 — Open ISES Tickets before 3.44.2 disables TLS certificate

CVE-2026-48246 — Open ISES Tickets before 3.44.2 disables TLS certificate verification in ajax/reports.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound...

vulnerabilityCVEmedium-severitycwe-295
/SCW Vulnerability Desk /MEDIUM /5.9 /⚑ 2 IOCs

Open ISES Tickets CVE-2026-48242: Hardcoded MySQL Credentials Exposed

CVE-2026-48242 — Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials (host, username, password, database name) in import_mdb.php. The credentials are embedded in...

vulnerabilityCVEhigh-severitycwe-798
/SCW Vulnerability Desk /HIGH /8.1 /⚑ 2 IOCs /⚙ 3 Sigma