MEDIUM
Matteo Manna
CVE published 2026-06-29
CVE-2026-57676
CVE-2026-57676 is an Authorization Bypass Through User-Controlled Key vulnerability in the Simple User Avatar plugin for WordPress. The issue, categorized under CWE-639, allows attackers to exploit incorrectly configured access control security levels. This vulnerability affects Simple User Avatar versions from n/a through 4.9. The CVSS score for this vulnerability is 4.3, indicating a medium severity lev [truncated]