CVE Catalog

CVE-2026-57665

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Summary

An Insecure Direct Object References (IDOR) vulnerability in GravityView versions up to 3.0.0 allows an unauthenticated attacker to access private data. The flaw is due to missing permission checks on object references.

Risk Assessment

The risk includes unauthorized access to sensitive information stored in GravityView, potentially leading to data leakage of personal or other confidential data.

Recommendation

It is recommended to immediately update the GravityView plugin to version 3.0.1 or later, which includes a fix for the IDOR vulnerability.

Original NVD description (English source)

Unauthenticated Insecure Direct Object References (IDOR) in GravityView <= 3.0.0 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS