RSS   Podatności dla 'User profile picture'   RSS

2021-08-02
 
CVE-2021-24473

CWE-639
 

 
The User Profile Picture WordPress plugin before 2.6.0 was affected by an IDOR issue, allowing users with the upload_image capability (by default author and above) to change and delete the profile pictures of other users (including those with higher roles).

 
2021-04-05
 
CVE-2021-24170

CWE-200
 

 
The REST API endpoint get_users in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the upload_files capability. This included password hashes, hashed user activation keys, usernames, emails, and other less sensitive information.

 

 >>> Vendor: Cozmoslabs 3 Produkty
Profile builder
User profile picture
Translatepress


Copyright 2024, cxsecurity.com

 

Back to Top