Wp-eventmanager ≫ User Profile Avatar

2 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.

5.4

CVE-2023-6067

Exploit

EPSS 0.13%
Published 15.04.2024 05:15:13
Last modified 09.05.2025 14:24:40

The WP User Profile Avatar WordPress plugin through 1.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and abo...

4.3

CVE-2023-6384

Exploit

EPSS 0.06%
Published 22.01.2024 20:15:47
Last modified 11.06.2025 17:15:39

The WP User Profile Avatar WordPress plugin before 1.0.1 does not properly check for authorisation, allowing authors to delete and update arbitrary avatar