Title: Security Vulnerability Report – Broken Access Control (Patchstack) Last modified: February 23, 2026 --- # Security Vulnerability Report – Broken Access Control (Patchstack) * Resolved [komalgondhali](https://wordpress.org/support/users/komalgondhali/) * (@komalgondhali) * [3 months ago](https://wordpress.org/support/topic/security-vulnerability-report-broken-access-control-patchstack/) * Hi Support Team, * I’d like to report a security concern regarding the Cloudinary plugin. * Patchstack has published a notice about a **Broken Access Control** vulnerability discovered by Nabil Irawan, affecting Cloudinary plugin versions **3.3.1 and earlier**. * **Vulnerability Details:** - Type: Broken Access Control - Discovery Date: January 22, 2026 - Source: Patchstack - Reference: [https://patchstack.com/database/wordpress/plugin/cloudinary-image-management-and-manipulation-in-the-cloud-cdn/vulnerability/wordpress-cloudinary-plugin-3-3-0-broken-access-control-vulnerability](https://patchstack.com/database/wordpress/plugin/cloudinary-image-management-and-manipulation-in-the-cloud-cdn/vulnerability/wordpress-cloudinary-plugin-3-3-0-broken-access-control-vulnerability) * As the latest available version is also reported to be affected, could you please advise if there is any recommended mitigation or temporary workaround we should implement until a patched release is available? * Thank you for your support. I look forward to your response. Viewing 5 replies - 1 through 5 (of 5 total) * [tamaracloudinary](https://wordpress.org/support/users/tamaracloudinary/) * (@tamaracloudinary) * [3 months ago](https://wordpress.org/support/topic/security-vulnerability-report-broken-access-control-patchstack/#post-18830428) * Hi @komalgondhali * This issue was already resolved in the previous released version. Thank you for reporting it - This reply was modified 3 months ago by [tamaracloudinary](https://wordpress.org/support/users/tamaracloudinary/). * Thread Starter [komalgondhali](https://wordpress.org/support/users/komalgondhali/) * (@komalgondhali) * [3 months ago](https://wordpress.org/support/topic/security-vulnerability-report-broken-access-control-patchstack/#post-18830774) * Hi @tamaracloudinary, * Thank you for the update and for providing the patched release. * I’ve updated the plugin to the latest version, and the issue is now resolved. * Appreciate the quick response and the effort from you and the development team in addressing this. * Best regards, Komal Gondhali * Thread Starter [komalgondhali](https://wordpress.org/support/users/komalgondhali/) * (@komalgondhali) * [3 months ago](https://wordpress.org/support/topic/security-vulnerability-report-broken-access-control-patchstack/#post-18831642) * Hi [@tamaracloudinary](https://wordpress.org/support/users/tamaracloudinary/), * I’m still seeing a vulnerability notice for version 3.3.2 as well. * Reference: [https://patchstack.com/database/wordpress/plugin/cloudinary-image-management-and-manipulation-in-the-cloud-cdn/vulnerability/wordpress-cloudinary-plugin-3-3-0-broken-access-control-vulnerability](https://patchstack.com/database/wordpress/plugin/cloudinary-image-management-and-manipulation-in-the-cloud-cdn/vulnerability/wordpress-cloudinary-plugin-3-3-0-broken-access-control-vulnerability) * Could you kindly clarify whether this is a false positive or if an additional update is planned? * Thank you Komal Gondhali * [dejicloudinary](https://wordpress.org/support/users/dejicloudinary/) * (@dejicloudinary) * [2 months, 3 weeks ago](https://wordpress.org/support/topic/security-vulnerability-report-broken-access-control-patchstack/#post-18842073) * Hi Komal, The issue mentioned in this request has been fixed on our side. If you discover a security issue with our plugin or service, we invite you to participate in Cloudinary’s bug bounty program which is managed through BugCrowd. You can learn more about the program here: [https://bugcrowd.com/engagements/cloudinary](https://bugcrowd.com/engagements/cloudinary) Best Regards, Deji * Thread Starter [komalgondhali](https://wordpress.org/support/users/komalgondhali/) * (@komalgondhali) * [1 month, 3 weeks ago](https://wordpress.org/support/topic/security-vulnerability-report-broken-access-control-patchstack/#post-18872627) * Hi[ ](https://wordpress.org/support/users/tamaracloudinary/)[@dejicloudinary](https://wordpress.org/support/users/dejicloudinary/), * I’m still seeing a vulnerability notice for version 3.3.2. * Reference: [https://patchstack.com/database/wordpress/plugin/cloudinary-image-management-and-manipulation-in-the-cloud-cdn/vulnerability/wordpress-cloudinary-plugin-3-3-0-broken-access-control-vulnerability](https://patchstack.com/database/wordpress/plugin/cloudinary-image-management-and-manipulation-in-the-cloud-cdn/vulnerability/wordpress-cloudinary-plugin-3-3-0-broken-access-control-vulnerability) * Could you kindly clarify whether this is a false positive or if an additional update is planned? * Thank you Komal Gondhali Viewing 5 replies - 1 through 5 (of 5 total) You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fsecurity-vulnerability-report-broken-access-control-patchstack%2F%3Foutput_format%3Dmd&locale=en_US) to reply to this topic. * ![](https://ps.w.org/cloudinary-image-management-and-manipulation-in-the-cloud- cdn/assets/icon-256x256.png?rev=2377259) * [Cloudinary - Deliver Images and Videos at Scale](https://wordpress.org/plugins/cloudinary-image-management-and-manipulation-in-the-cloud-cdn/) * [Frequently Asked Questions](https://wordpress.org/plugins/cloudinary-image-management-and-manipulation-in-the-cloud-cdn/#faq) * [Support Threads](https://wordpress.org/support/plugin/cloudinary-image-management-and-manipulation-in-the-cloud-cdn/) * [Active Topics](https://wordpress.org/support/plugin/cloudinary-image-management-and-manipulation-in-the-cloud-cdn/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/cloudinary-image-management-and-manipulation-in-the-cloud-cdn/unresolved/) * [Reviews](https://wordpress.org/support/plugin/cloudinary-image-management-and-manipulation-in-the-cloud-cdn/reviews/) * 7 replies * 3 participants * Last reply from: [komalgondhali](https://wordpress.org/support/users/komalgondhali/) * Last activity: [1 month, 3 weeks ago](https://wordpress.org/support/topic/security-vulnerability-report-broken-access-control-patchstack/#post-18872627) * Status: resolved