CVE Catalog
CVE-2026-57634
MediumCVSS 4.3Summary
The PPWP plugin version 1.9.19 and earlier contains an Insecure Direct Object References (IDOR) vulnerability in the contributor functionality. This allows unauthorized access to private data.
Risk Assessment
The risk involves unauthorized reading, modification, or deletion of resources by an unprivileged user, potentially leading to data leakage or integrity compromise.
Recommendation
It is recommended to immediately update the PPWP plugin to the latest available version that fixes this vulnerability. Also review permissions for users with the contributor role.
Original NVD description (English source)
Contributor Insecure Direct Object References (IDOR) in PPWP <= 1.9.19 versions.

