MEDIUM
broadstreetads
CVE published 2026-05-21
CVE-2026-1881
CVE-2026-1881 is an authenticated access-control flaw in the Broadstreet plugin for WordPress. A missing validation check on a user-controlled key in the get_sponsored_meta AJAX action can let Subscriber-level and higher users read private post metadata they should not be able to access. The issue is rated medium severity (CVSS 4.3) and is primarily a confidentiality concern.