Cozmoslabs

User Profile Picture

3 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.21%
  • Published 21.06.2024 07:15:10
  • Last modified 21.11.2024 09:48:04

The User Profile Picture plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.1 via the 'rest_api_change_profile_image' function due to missing validation on a user controlled key. This make...

Exploit
  • EPSS 0.18%
  • Published 02.08.2021 11:15:10
  • Last modified 21.11.2024 05:53:08

The User Profile Picture WordPress plugin before 2.6.0 was affected by an IDOR issue, allowing users with the upload_image capability (by default author and above) to change and delete the profile pictures of other users (including those with higher ...

Exploit
  • EPSS 42.15%
  • Published 05.04.2021 19:15:15
  • Last modified 21.11.2024 05:52:30

The REST API endpoint get_users in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the upload_files capability. This included password hashes, hashed user activati...