33 matches found
CVE-2023-4798
The User Avatar WordPress plugin before 1.2.2 does not properly sanitize and escape certain of its shortcodes attributes, which could allow relatively low-privileged users like contributors to conduct Stored XSS attacks...
EUVD-2022-4561
Malicious code in bioql PyPI...
EUVD-2025-11807
Malicious code in bioql PyPI...
EUVD-2023-54642
Malicious code in bioql PyPI...
CVE-2023-46621
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Enej Bajgoric / Gagan Sandhu / CTLT DEV User Avatar plugin <= 1.4.11 versions...
CVE-2019-10377
A missing permission check in Jenkins Avatar Plugin 1.2 and earlier allows attackers with Overall/Read access to change the avatar of any user of Jenkins...
CVE-2025-3520
The Avatar plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 0.1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the...
CVE-2025-3520
CVE-2025-3520 affects the WordPress Avatar plugin (versions ≤ 0.1.4). The root cause is insufficient file path validation in a function, enabling authenticated users with Subscriber+ access to delete arbitrary server files (e.g., wp-config.php), with potential remote code execution. Public entrie...
PT-2025-17251 · WordPress · Avatar
Name of the Vulnerable Software and Affected Versions: Avatar plugin for WordPress versions up to, and including, 0.1.4. Description: The Avatar plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in a function. This makes it possible for...
WordPress plugin Avatar path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...
CVE-2025-39434 WordPress Avatar plugin <= 0.1.4 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Scott Taylor Avatar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Avatar: from n/a through 0.1.4...
CVE-2025-39434
CVE-2025-39434 affects the WordPress Avatar plugin (Scott Taylor) versions
CVE-2025-39434 WordPress Avatar plugin <= 0.1.4 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Scott Taylor Avatar avatar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Avatar: from n/a through <= 0.1.4...
WordPress Avatar plugin <= 0.1.4 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by Nguyen Xuan Chien (Patchstack Alliance) in WordPress Plugin Avatar versions <= 0.1.4...
WordPress plugin Avatar security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...
CVE-2023-46621
CVE-2023-46621 is an unauthenticated cross-site scripting (XSS) vulnerability in the WordPress plugin User Avatar (ctltwp User Avatar) affecting versions up to and including 1.4.11. The issue has a published CVE and is mitigated by upgrading to 1.4.12 or later. Patchstack corroborates the vulner...
PT-2023-30119 · WordPress · Ctlt Dev User Avatar
Name of the Vulnerable Software and Affected Versions: Enej Bajgoric / Gagan Sandhu / CTLT DEV User Avatar plugin versions <= 1.4.11. Description: The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a...