Skip to main content

User Feedback

2 CVEs product

Monthly

CVE-2026-39476 MEDIUM This Month

Missing authorization in Syed Balkhi User Feedback plugin versions up to 1.10.1 allows authenticated users to access sensitive feedback data and functionalities they should not have permission to view or modify, due to incorrectly configured access control security levels. With CVSS 4.3 and EPSS 0.02%, this represents a low-probability real-world exploitation risk, though it affects WordPress installations using this plugin.

Authentication Bypass User Feedback
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-39475 HIGH This Week

Blind SQL injection in User Feedback WordPress plugin (versions ≤1.10.1) allows authenticated attackers with low privileges to extract database contents through malicious SQL queries. The vulnerability enables cross-scope exploitation with high confidentiality impact and limited availability disruption. EPSS probability is low (0.02%, 6th percentile), no public exploit identified at time of analysis, and exploitation requires authenticated access with low attack complexity.

SQLi User Feedback
NVD
CVSS 3.1
7.6
EPSS
0.0%
EPSS 0% CVSS 4.3
MEDIUM This Month

Missing authorization in Syed Balkhi User Feedback plugin versions up to 1.10.1 allows authenticated users to access sensitive feedback data and functionalities they should not have permission to view or modify, due to incorrectly configured access control security levels. With CVSS 4.3 and EPSS 0.02%, this represents a low-probability real-world exploitation risk, though it affects WordPress installations using this plugin.

Authentication Bypass User Feedback
NVD
EPSS 0% CVSS 7.6
HIGH This Week

Blind SQL injection in User Feedback WordPress plugin (versions ≤1.10.1) allows authenticated attackers with low privileges to extract database contents through malicious SQL queries. The vulnerability enables cross-scope exploitation with high confidentiality impact and limited availability disruption. EPSS probability is low (0.02%, 6th percentile), no public exploit identified at time of analysis, and exploitation requires authenticated access with low attack complexity.

SQLi User Feedback
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy