CVE-2026-7638 | appcheap App Builder Plugin up to 5.6.0 on WordPress upload_avatar user_id authorization (EUVD-2026-26732)

A vulnerability classified as critical has been found in appcheap App Builder Plugin up to 5.6.0 on WordPress. This issue affects the function upload_avatar. This manipulation of the argument user_id causes authorization bypass.

This vulnerability appears as CVE-2026-7638. The attack may be initiated remotely. There is no available exploit.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More