This issue affects Simple User Avatar: from n/a through 4.9.
Analysis and contextual insights are available on OpenCVE Cloud.
Vendor Solution
Update the WordPress Simple User Avatar Plugin to the latest available version (at least 5.0).
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 08 Jul 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 29 Jun 2026 20:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Matteo Manna
Matteo Manna simple User Avatar Wordpress Wordpress wordpress |
|
| Vendors & Products |
Matteo Manna
Matteo Manna simple User Avatar Wordpress Wordpress wordpress |
Mon, 29 Jun 2026 08:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Authorization Bypass Through User-Controlled Key vulnerability in Matteo Manna Simple User Avatar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple User Avatar: from n/a through 4.9. | |
| Title | WordPress Simple User Avatar plugin <= 4.9 - Insecure Direct Object References (IDOR) vulnerability | |
| Weaknesses | CWE-639 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: Patchstack
Published:
Updated: 2026-07-08T19:42:22.691Z
Reserved: 2026-06-25T08:03:37.652Z
Link: CVE-2026-57676
Updated: 2026-07-01T10:23:45.747Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-06-29T20:05:29Z