4 matches found
CVE-2022-0442
The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to overwrite another users avatar...
CVE-2022-0442
The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to overwrite another users avatar...
CVE-2022-0442 UsersWP < 1.2.3.1 - Subscriber+ User Avatar Override
The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to overwrite another users avatar...
CVE-2022-0442
CVE-2022-0442 affects the WordPress plugin UsersWP (versions prior to 1.2.3.1). The issue is a lack of access controls when updating a user avatar and non-unique avatar filenames, enabling a logged-in user to overwrite another user’s avatar. The vulnerability is confirmed across multiple sources ...