The Bucketlister WordPress Plugin Missing Authorization Vulnerability Allowing Unauthorized Data Modification
Vulnerability
A vulnerability exists in the Bucketlister plugin for WordPress, in all versions through 0.1.5, due to a lack of proper capability checks in the bucketlister_do_admin_ajax() function. This flaw enables authenticated attackers with Subscriber-level access and higher to add, delete, or modify any bucket list items.
Impact
Exploitation of this vulnerability allows unauthorized users to alter bucket list items, potentially leading to misuse of the plugin's functionality or disruption of service.
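The class of fix for a missing capability check in an AJAX callback, as an added example (this is not Bucketlister's code, which is not shown on this page). The action name, option name, request fields and the manage_options capability are assumptions chosen for illustration; current_user_can(), check_ajax_referer() and wp_send_json_error() are WordPress core functions.

```php
<?php
// Added illustration: hypothetical plugin code, not Bucketlister's source.
// A wp_ajax_{action} hook runs for ANY logged-in user, Subscribers included,
// so the callback has to enforce authorization itself.
add_action( 'wp_ajax_example_items', 'example_items_ajax' );

function example_items_ajax() {
	// 1. Authorization. 'manage_options' is an assumed capability; pick the
	//    one that matches who may manage items on the site.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
	}

	// 2. CSRF. Expects a nonce from wp_create_nonce( 'example_items' ) in the
	//    'nonce' field. A nonce is not a substitute for step 1.
	check_ajax_referer( 'example_items', 'nonce' );

	// 3. Input validation before any write.
	$op    = isset( $_POST['op'] ) ? sanitize_key( wp_unslash( $_POST['op'] ) ) : '';
	$id    = isset( $_POST['item_id'] ) ? absint( $_POST['item_id'] ) : 0;
	$title = isset( $_POST['title'] ) ? sanitize_text_field( wp_unslash( $_POST['title'] ) ) : '';
	if ( 'delete' !== $op && '' === $title ) {
		wp_send_json_error( array( 'message' => 'Title required' ), 400 );
	}

	// Items live in one option here purely to keep the example self-contained.
	$items = get_option( 'example_items', array() );

	switch ( $op ) {
		case 'add':
			$items[] = $title;
			break;
		case 'update':
		case 'delete':
			if ( ! isset( $items[ $id ] ) ) {
				wp_send_json_error( array( 'message' => 'No such item' ), 404 );
			}
			if ( 'delete' === $op ) {
				unset( $items[ $id ] );
			} else {
				$items[ $id ] = $title;
			}
			break;
		default:
			wp_send_json_error( array( 'message' => 'Unknown operation' ), 400 );
	}
	update_option( 'example_items', $items );
	wp_send_json_success( array( 'items' => $items ) );
}
```

When reviewing a plugin, every callback registered on a wp_ajax_ hook that writes data should show both the capability check and the nonce check before its first write.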
Added: Feb 7, 2026, 9:30 AM
Updated: Feb 7, 2026, 9:30 AM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 5.9
remediation: 0.0
relevance: 2.7
threat: 3.2
urgency: 2.9
incentive: 0.0
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
