Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
Author Avatars List/Block allows unauthorized access to sensitive data
CVE-2026-39690
Summary
A security weakness in the Author Avatars List/Block software lets attackers access data they shouldn't have. This affects versions of the software up to 2.1.25. To stay secure, update to the latest version as soon as possible.
Original title
Missing Authorization vulnerability in Paul Bearne Author Avatars List/Block author-avatars allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Author Avatars...
Original description
Missing Authorization vulnerability in Paul Bearne Author Avatars List/Block author-avatars allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Author Avatars List/Block: from n/a through <= 2.1.25.
Vulnerability type
CWE-862
Missing Authorization
Published: 8 Apr 2026 · Updated: 10 Apr 2026 · First seen: 8 Apr 2026