Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cozmoslabs user profile picture vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2021-24170
The REST API endpoint get_users in the User Profile Picture WordPress plugin prior to 2.5.0 returned more information than was required for its functionality to users with the upload_files capability. This included password hashes, hashed user activation keys, usernames, emails, ...
Cozmoslabs User Profile Picture
490
VMScore
CVE-2021-24473
The User Profile Picture WordPress plugin prior to 2.6.0 was affected by an IDOR issue, allowing users with the upload_image capability (by default author and above) to change and delete the profile pictures of other users (including those with higher roles).
Cozmoslabs User Profile Picture
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started