Vulmon
avatar vulnerabilities and exploits
4
CVSSv2
CVE-2014-9155
Directory traversal vulnerability in the Avatar Uploader module 6.x-1.x prior to 6.x-1.2 and 7.x-1.x prior to 7.x-1.0-beta6 for Drupal allows remote authenticated users to read arbitrary files via a .. (dot dot) in the path of a cropped picture in the uploader panel.
Avatar Uploader Project Avatar Uploader 7.x-1.0
Avatar Uploader Project Avatar Uploader 7.x-1.x-dev
Avatar Uploader Project Avatar Uploader 6.x-1.0
Avatar Uploader Project Avatar Uploader 6.x-1.1
6.5
CVSSv2
CVE-2015-2087
Unrestricted file upload vulnerability in the Avatar Uploader module prior to 6.x-1.3 for Drupal allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via unspecified vectors.
Avatar Uploader Project Avatar Uploader
4
CVSSv2
CVE-2019-10377
A missing permission check in Jenkins Avatar Plugin 1.2 and previous versions allows attackers with Overall/Read access to change the avatar of any user of Jenkins.
Jenkins Avatar
NA
CVE-2023-4798
The User Avatar WordPress plugin prior to 1.2.2 does not properly sanitize and escape some of its shortcode attributes, which could allow relatively low-privileged users like contributors to conduct Stored XSS attacks.
Wpexperts User Avatar-reloaded
3.5
CVSSv2
CVE-2021-24672
The One User Avatar WordPress plugin prior to 2.3.7 does not escape the link and target attributes of its shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.
Onedesigns One User Avatar
4.3
CVSSv2
CVE-2021-24675
The One User Avatar WordPress plugin prior to 2.3.7 does not check for CSRF when updating the avatar on pages where the [avatar_upload] shortcode is embedded. As a result, attackers could make a logged-in user change their avatar via a CSRF attack.
Onedesigns One User Avatar
NA
CVE-2023-47650
Cross-Site Request Forgery (CSRF) vulnerability in Peter Sterling Add Local Avatar. This issue affects Add Local Avatar: from n/a up to and including 12.1.
Petersterling Add Local Avatar
NA
CVE-2023-6384
The WP User Profile Avatar WordPress plugin prior to 1.0.1 does not properly check for authorisation, allowing authors to delete and update arbitrary avatars.
Wp-eventmanager User Profile Avatar
NA
CVE-2023-46621
Unauthenticated reflected Cross-Site Scripting (XSS) vulnerability in the Enej Bajgoric / Gagan Sandhu / CTLT DEV User Avatar plugin, versions <= 1.4.11.
Enejbajgoric/gagansandhu/ctltdev User Avatar
5
CVSSv2
CVE-2018-9205
Vulnerability in avatar_uploader v7.x-1.0-beta8: the code in view.php doesn't verify users or sanitize the file path.
Drupal Avatar Uploader 7.x-1.0
1 EDB exploit