Skip to main content

Author Avatars List Block

2 CVEs product

Monthly

CVE-2026-39690 MEDIUM This Month

Missing authorization in Paul Bearne Author Avatars List/Block plugin (versions up to 2.1.25) allows unauthenticated remote attackers to access sensitive information through incorrectly configured access control, resulting in partial disclosure of confidential data. The vulnerability has low exploitation probability (EPSS 0.02%) and no public exploit identified, but the automatable nature and broken access control classification warrant attention for WordPress installations using this plugin.

Authentication Bypass Author Avatars List Block
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2023-49846 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Bearne Author Avatars List/Block allows Stored XSS.1.17. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Author Avatars List Block
NVD
CVSS 3.1
6.5
EPSS
0.2%
EPSS 0% CVSS 5.3
MEDIUM This Month

Missing authorization in Paul Bearne Author Avatars List/Block plugin (versions up to 2.1.25) allows unauthenticated remote attackers to access sensitive information through incorrectly configured access control, resulting in partial disclosure of confidential data. The vulnerability has low exploitation probability (EPSS 0.02%) and no public exploit identified, but the automatable nature and broken access control classification warrant attention for WordPress installations using this plugin.

Authentication Bypass Author Avatars List Block
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Bearne Author Avatars List/Block allows Stored XSS.1.17. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Author Avatars List Block
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy