CVE Catalog
CVE-2026-57665
MediumCVSS 5.3Summary
An Insecure Direct Object References (IDOR) vulnerability in GravityView versions up to 3.0.0 allows an unauthenticated attacker to access private data. The flaw is due to missing permission checks on object references.
Risk Assessment
The risk includes unauthorized access to sensitive information stored in GravityView, potentially leading to data leakage of personal or other confidential data.
Recommendation
It is recommended to immediately update the GravityView plugin to version 3.0.1 or later, which includes a fix for the IDOR vulnerability.
Original NVD description (English source)
Unauthenticated Insecure Direct Object References (IDOR) in GravityView <= 3.0.0 versions.

