230 matches found
CVE-2025-8482 Simple Local Avatars <= 2.8.4 - Missing Authorization to Authenticated (Subscriber+) Avatar Migration
The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of data in version 2.8.4. This is due to a missing capability check on the migratefromwpuseravatar function. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
CVE-2025-8482 Simple Local Avatars <= 2.8.4 - Missing Authorization to Authenticated (Subscriber+) Avatar Migration
The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of data in version 2.8.4. This is due to a missing capability check on the migratefromwpuseravatar function. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
PT-2025-32632 · WordPress · Simple Local Avatars
Name of the Vulnerable Software and Affected Versions: Simple Local Avatars plugin for WordPress version 2.8.4 Description: The Simple Local Avatars plugin for WordPress is susceptible to unauthorized data modification due to an incomplete capability check within the migrate from wp user avatar...
WordPress plugin Simple Local Avatars 安全漏洞
WordPress Simple Local Avatars plugin is a WordPress plugin mainly used to allow users to upload and manage local avatars, replacing the default Gravatar service. A security vulnerability exists in the WordPress Simple Local Avatars plugin, which stems from a lack of capability checking, and can ...
WordPress Simple Local Avatars plugin <= 2.8.4 - Missing Authorization to Authenticated (Subscriber+) Avatar Migration vulnerability
Missing Authorization to Authenticated Subscriber+ Avatar Migration vulnerability discovered by Håkon Harnes in WordPress Plugin Simple Local Avatars versions = 2.8.4...
CVE-2025-22804
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paul Bearne Author Avatars List/Block author-avatars allows Stored XSS.This issue affects Author Avatars List/Block: from n/a through = 2.1.23...
CVE-2024-47370
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paul Bearne Author Avatars List/Block author-avatars allows Stored XSS.This issue affects Author Avatars List/Block: from n/a through = 2.1.21...
CVE-2024-43116
Cross-Site Request Forgery CSRF vulnerability in 10up Simple Local Avatars.This issue affects Simple Local Avatars: from n/a through 2.7.10...
CVE-2024-10786
The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of datadue to a missing capability check on the slaclearusercache function in all versions up to, and including, 2.7.11. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2022-3870
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. GitLab allows unauthenticated users to download user avatars using the victim's user ID, on private...
CVE-2019-17132
vBulletin through 5.5.4 mishandles custom avatars...
Malicious code in com.meta.xr.sdk.avatars.sample.assets (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 09a9d5a626622260968ebe26077b57efd3ec56b069d8808fe569f79523a7095a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in com.meta.xr.sdk.avatars (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2819b05ade219214d57904bac7d545f37b68824e1a40e52668c7b6751d543c49 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @sporta-technology/d11-web-components.table-cells.tc-avatars (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2025-22804
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paul Bearne Author Avatars List/Block author-avatars allows Stored XSS.This issue affects Author Avatars List/Block: from n/a through = 2.1.23...
CVE-2025-22804 WordPress Author Avatars List/Block plugin <= 2.1.23 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paul Bearne Author Avatars List/Block author-avatars allows Stored XSS.This issue affects Author Avatars List/Block: from n/a through = 2.1.23...
CVE-2025-22804 WordPress Author Avatars List/Block plugin <= 2.1.23 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paul Bearne Author Avatars List/Block allows Stored XSS.This issue affects Author Avatars List/Block: from n/a through 2.1.23...
WordPress plugin Author Avatars List/Block 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin Author Avatars...
PT-2025-4713 · Unknown · Author Avatars List/Block
Name of the Vulnerable Software and Affected Versions: Author Avatars List/Block versions prior to 2.1.24 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows stored XSS. This enables an attacker to...
WordPress Author Avatars List/Block plugin <= 2.1.23 - Stored Cross Site Scripting (XSS) vulnerability
Stored Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Author Avatars List/Block versions = 2.1.23...