Unrestricted Access to WpXmas-Snow with Incorrect Security Settings

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Unrestricted Access to WpXmas-Snow with Incorrect Security Settings

CVE-2026-39610

Summary

An outdated version of WpXmas-Snow may allow an attacker to access sensitive areas of the system without proper permission. This could lead to unauthorized changes or data breaches. Update WpXmas-Snow to at least version 1.2 to fix this issue.

Original title

Missing Authorization vulnerability in Pankaj Kumar WpXmas-Snow wpxmas-snow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpXmas-Snow: from n/a through ...

Original description

Vulnerability type

CWE-862 Missing Authorization

https://patchstack.com/database/Wordpress/Plugin/wpxmas-snow/vulnerability/wordp...

Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 8 Apr 2026