WordPress Plugin Vulnerabilities
12 Step Meeting List < 3.19.10 - Missing Authorization
Description
The 12 Step Meeting List plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 3.19.9. This makes it possible for authenticated attackers, with contributor-level access and above, to perform an unauthorized action.
Affects Plugins
References
Classification
Type
NO AUTHORISATION
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Bao - BlueRock
Verified
No
WPVDB ID
Timeline
Publicly Published
2026-03-22 (about 3 months ago)
Added
2026-04-15 (about 2 months ago)
Last Updated
2026-04-15 (about 2 months ago)