CVE Catalog

CVE-2026-57634

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Summary

The PPWP plugin version 1.9.19 and earlier contains an Insecure Direct Object References (IDOR) vulnerability in the contributor functionality. This allows unauthorized access to private data.

Risk Assessment

The risk involves unauthorized reading, modification, or deletion of resources by an unprivileged user, potentially leading to data leakage or integrity compromise.

Recommendation

It is recommended to immediately update the PPWP plugin to the latest available version that fixes this vulnerability. Also review permissions for users with the contributor role.

Original NVD description (English source)

Contributor Insecure Direct Object References (IDOR) in PPWP <= 1.9.19 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS