CVE-2026-7638 | appcheap App Builder Plugin up to 5.6.0 on WordPress upload_avatar user_id authorization (EUVD-2026-26732)

Inserito da Angelo Barbosa | Mag 2, 2026 | CVE

A vulnerability classified as critical has been found in appcheap App Builder Plugin up to 5.6.0 on WordPress. This issue affects the function upload_avatar. This manipulation of the argument user_id causes authorization bypass.

This vulnerability appears as CVE-2026-7638. The attack may be initiated remotely. There is no available exploit.

It is recommended to upgrade the affected component.

CVE-2026-7638 | appcheap App Builder Plugin up to 5.6.0 on WordPress upload_avatar user_id authorization (EUVD-2026-26732)

Post correlati

CVE-2025-55188 | 7-Zip up to 25.00 Symbolic Links link following

CVE-2025-63040 | Saad Iqbal Post Snippets Plugin up to 4.0.11 on WordPress cross-site request forgery

CVE-2023-45892 | Floorsight Insights Q3 2023 Order/Invoice Pages information disclosure

CVE-2024-37935 | anhvnit Woocommerce OpenPos Plugin up to 6.4.4 on WordPress authorization