CVE-2026-7638 | appcheap App Builder Plugin up to 5.6.0 on WordPress upload_avatar user_id authorization (EUVD-2026-26732)

Inserito da Angelo Barbosa | Mag 2, 2026 | CVE

A vulnerability classified as critical has been found in appcheap App Builder Plugin up to 5.6.0 on WordPress. This issue affects the function upload_avatar. This manipulation of the argument user_id causes authorization bypass.

This vulnerability appears as CVE-2026-7638. The attack may be initiated remotely. There is no available exploit.

It is recommended to upgrade the affected component.

CVE-2026-7638 | appcheap App Builder Plugin up to 5.6.0 on WordPress upload_avatar user_id authorization (EUVD-2026-26732)

Post correlati

CVE-2023-37898 | laurent22 joplin up to 2.12.8 MarkupToHtml.ts child_process cross site scripting (GHSA-hjmq-3qh4-g2r8)

CVE-2024-55459 | keras up to 3.7.0 TAR File get_file Privilege Escalation

CVE-2024-12049 | Woo Ukrposhta Plugin up to 1.17.11 on WordPress order/post/idd cross site scripting

CVE-2024-11900 | Portfolio Plugin up to 1.2.2 on WordPress cross site scripting