CVE-2026-1881

by Fred · 21/05/2026

The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.52.2 via the get_sponsored_meta AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to disclose any private post metadata.

More information : https://plugins.trac.wordpress.org/changeset?old_path=%2Fbroadstreet/tags/1.52.2&new_path=%2Fbroadstreet/tags/1.53.2

CVE-2026-1881

Similar

Recent Posts

Categories

CVE-2026-1881

Share this:

Similar

Recent Posts

Categories

Tags