RSS   Vulnerabilities for 'Userswp'   RSS

2022-03-07
 
CVE-2022-0442

CWE-863
 

 
The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to overwrite another users avatar.

 

 >>> Vendor: Ayecode 4 Products
Location manager
Getpaid
Geodirectory
Userswp


Copyright 2024, cxsecurity.com

 

Back to Top