WordPress avalex plugin <= 3.1.3 - Broken Access Control vulnerability

Description

A vulnerability was found in avalex Plugin up to 3.1.3 on WordPress and classified as critical. The manipulation results in missing authorization.

Vendor	Product	Versions
avalex	avalex	n/a

Tier C

VulDB2h ago

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-862

Published3/25/2026

Last enriched2h agov2

Trending Score41

Source articles2

Independent1

Info Completeness7/14

Missing: cvss, epss, kev, exploit, patch, iocs, mitre_attack

0 upvotes0 downvotes

No votes yet

State: unverified

Confidence: 0%

Last enriched 2h ago

v2Tier C2h ago

Updated severity to CRITICAL, marked as actively exploited, and provided a more detailed description of the vulnerability.

descriptionseverityactivelyExploited

via VulDB

v12h ago

Initial creation