Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2021-24473
HistoryAug 02, 2021 - 11:15 a.m.

CVE-2021-24473

2021-08-0211:15:10
CWE-639
[email protected]
web.nvd.nist.gov
27
3
cve-2021-24473
user profile picture
wordpress plugin
idor issue
security vulnerability

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

30.5%

JSON

The User Profile Picture WordPress plugin before 2.6.0 was affected by an IDOR issue, allowing users with the upload_image capability (by default author and above) to change and delete the profile pictures of other users (including those with higher roles).

Affected configurations

Vulners
NVD
Node
cozmoslabsuser_profile_pictureRange<2.6.0
VendorProductVersionCPE
cozmoslabsuser_profile_picture*cpe:2.3:a:cozmoslabs:user_profile_picture:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "User Profile Picture",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "2.6.0",
        "status": "affected",
        "version": "2.6.0",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

Related

prion 1
wpvulndb 1
wpexploit 1
cvelist 1
nvd 1
prion
prion
Default credentials
2021-08-02 11:15:00
wpvulndb
wpvulndb
User Profile Picture < 2.6.0 - Arbitrary User Picture Change/Deletion via IDOR
2021-06-28 00:00:00
wpexploit
wpexploit
User Profile Picture < 2.6.0 - Arbitrary User Picture Change/Deletion via IDOR
2021-06-28 00:00:00
cvelist
cvelist
CVE-2021-24473 User Profile Picture < 2.6.0 - Arbitrary User Picture Change/Deletion via IDOR
2021-08-02 10:32:14
nvd
nvd
CVE-2021-24473
2021-08-02 11:15:10

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

30.5%

JSON
Related for CVE-2021-24473
prion1wpvulndb1wpexploit1cvelist1nvd1