Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cozmoslabs user profile picture vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2021-24473
The User Profile Picture WordPress plugin prior to 2.6.0 was affected by an IDOR issue, allowing users with the upload_image capability (by default author and above) to change and delete the profile pictures of other users (including those with higher roles).
Cozmoslabs User Profile Picture
7.5
CVSSv3
CVE-2021-24170
The REST API endpoint get_users in the User Profile Picture WordPress plugin prior to 2.5.0 returned more information than was required for its functionality to users with the upload_files capability. This included password hashes, hashed user activation keys, usernames, emails, ...
Cozmoslabs User Profile Picture
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5841
file upload
man-in-the-middle
arbitrary
CVE-2024-27801
CVE-2024-28020
CVE-2024-30080
CVE-2024-30069
CVE-2024-5843
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started