This issue affects Simple User Avatar: from n/a through 4.9.
Project Subscriptions
No advisories yet.
Solution
Update the WordPress Simple User Avatar Plugin to the latest available version (at least 5.0).
Workaround
No workaround given by the vendor.
Wed, 08 Jul 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 29 Jun 2026 20:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Matteo Manna
Matteo Manna simple User Avatar Wordpress Wordpress wordpress |
|
| Vendors & Products |
Matteo Manna
Matteo Manna simple User Avatar Wordpress Wordpress wordpress |
Mon, 29 Jun 2026 08:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Authorization Bypass Through User-Controlled Key vulnerability in Matteo Manna Simple User Avatar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple User Avatar: from n/a through 4.9. | |
| Title | WordPress Simple User Avatar plugin <= 4.9 - Insecure Direct Object References (IDOR) vulnerability | |
| Weaknesses | CWE-639 | |
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: Patchstack
Published:
Updated: 2026-07-08T19:42:22.691Z
Reserved: 2026-06-25T08:03:37.652Z
Link: CVE-2026-57676
Updated: 2026-07-01T10:23:45.747Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-06-29T20:05:29Z