Lucene search
K

230 matches found

Vulnrichment
Vulnrichment
added 2025/08/12 6:42 a.m.2 views

CVE-2025-8482 Simple Local Avatars <= 2.8.4 - Missing Authorization to Authenticated (Subscriber+) Avatar Migration

The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of data in version 2.8.4. This is due to a missing capability check on the migratefromwpuseravatar function. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

4.3CVSS6.7AI score0.00233EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/08/12 6:42 a.m.6 views

CVE-2025-8482 Simple Local Avatars <= 2.8.4 - Missing Authorization to Authenticated (Subscriber+) Avatar Migration

The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of data in version 2.8.4. This is due to a missing capability check on the migratefromwpuseravatar function. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

4.3CVSS0.00233EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/08/12 12:0 a.m.4 views

PT-2025-32632 · WordPress · Simple Local Avatars

Name of the Vulnerable Software and Affected Versions: Simple Local Avatars plugin for WordPress version 2.8.4 Description: The Simple Local Avatars plugin for WordPress is susceptible to unauthorized data modification due to an incomplete capability check within the migrate from wp user avatar...

4.3CVSS7.2AI score0.00233EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/08/12 12:0 a.m.5 views

WordPress plugin Simple Local Avatars 安全漏洞

WordPress Simple Local Avatars plugin is a WordPress plugin mainly used to allow users to upload and manage local avatars, replacing the default Gravatar service. A security vulnerability exists in the WordPress Simple Local Avatars plugin, which stems from a lack of capability checking, and can ...

4.3CVSS6.4AI score0.00233EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/08/11 10:9 p.m.6 views

WordPress Simple Local Avatars plugin <= 2.8.4 - Missing Authorization to Authenticated (Subscriber+) Avatar Migration vulnerability

Missing Authorization to Authenticated Subscriber+ Avatar Migration vulnerability discovered by Håkon Harnes in WordPress Plugin Simple Local Avatars versions = 2.8.4...

4.3CVSS6.7AI score0.00233EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 11:42 a.m.7 views

CVE-2025-22804

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paul Bearne Author Avatars List/Block author-avatars allows Stored XSS.This issue affects Author Avatars List/Block: from n/a through = 2.1.23...

6.5CVSS7.2AI score0.00223EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:0 a.m.4 views

CVE-2024-47370

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paul Bearne Author Avatars List/Block author-avatars allows Stored XSS.This issue affects Author Avatars List/Block: from n/a through = 2.1.21...

6.5CVSS5.9AI score0.00237EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:57 a.m.8 views

CVE-2024-43116

Cross-Site Request Forgery CSRF vulnerability in 10up Simple Local Avatars.This issue affects Simple Local Avatars: from n/a through 2.7.10...

8.8CVSS7AI score0.00196EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:40 a.m.19 views

CVE-2024-10786

The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of datadue to a missing capability check on the slaclearusercache function in all versions up to, and including, 2.7.11. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS6.4AI score0.00333EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:7 p.m.6 views

CVE-2022-3870

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. GitLab allows unauthenticated users to download user avatars using the victim's user ID, on private...

5.3CVSS6.5AI score0.007EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:2 a.m.8 views

CVE-2019-17132

vBulletin through 5.5.4 mishandles custom avatars...

9.8CVSS6.9AI score0.1178EPSS
Exploits4References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/05/21 4:25 a.m.4 views

Malicious code in com.meta.xr.sdk.avatars.sample.assets (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 09a9d5a626622260968ebe26077b57efd3ec56b069d8808fe569f79523a7095a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/05/16 9:3 a.m.2 views

Malicious code in com.meta.xr.sdk.avatars (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2819b05ade219214d57904bac7d545f37b68824e1a40e52668c7b6751d543c49 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/04/23 3:40 p.m.6 views

Malicious code in @sporta-technology/d11-web-components.table-cells.tc-avatars (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
NVD
NVD
added 2025/01/09 4:16 p.m.18 views

CVE-2025-22804

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paul Bearne Author Avatars List/Block author-avatars allows Stored XSS.This issue affects Author Avatars List/Block: from n/a through = 2.1.23...

6.5CVSS0.00223EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/09 3:39 p.m.18 views

CVE-2025-22804 WordPress Author Avatars List/Block plugin <= 2.1.23 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paul Bearne Author Avatars List/Block author-avatars allows Stored XSS.This issue affects Author Avatars List/Block: from n/a through = 2.1.23...

6.5CVSS0.00223EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/09 3:39 p.m.7 views

CVE-2025-22804 WordPress Author Avatars List/Block plugin <= 2.1.23 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paul Bearne Author Avatars List/Block allows Stored XSS.This issue affects Author Avatars List/Block: from n/a through 2.1.23...

6.5CVSS7AI score0.00223EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/09 12:0 a.m.4 views

WordPress plugin Author Avatars List/Block 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin Author Avatars...

6.5CVSS7.5AI score0.00223EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/09 12:0 a.m.4 views

PT-2025-4713 · Unknown · Author Avatars List/Block

Name of the Vulnerable Software and Affected Versions: Author Avatars List/Block versions prior to 2.1.24 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows stored XSS. This enables an attacker to...

6.5CVSS6.5AI score0.00223EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/01/07 10:12 p.m.5 views

WordPress Author Avatars List/Block plugin <= 2.1.23 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Author Avatars List/Block versions = 2.1.23...

6.5CVSS5.8AI score0.00223EPSS
Exploits0Affected Software1
Rows per page
Query Builder