iZooto Web Push: Unauthorized Access via Insecure Access Control

CVE-2026-39673
Summary

The iZooto web push feature has a security issue that allows unauthorized access to user data. This affects all versions of iZooto up to and including 3.7.20. To fix this, update to a newer version of iZooto or adjust your access control settings to ensure only authorized users have access.

Original title
Missing Authorization vulnerability in shrikantkale iZooto izooto-web-push allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iZooto: from n/a through <= 3.7...
Original description
Missing Authorization vulnerability in shrikantkale iZooto izooto-web-push allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iZooto: from n/a through <= 3.7.20.
Vulnerability type
CWE-862 Missing Authorization
Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 8 Apr 2026