3 matches found
CVE-2021-24473
The User Profile Picture WordPress plugin before 2.6.0 was affected by an IDOR issue, allowing users with the uploadimage capability by default author and above to change and delete the profile pictures of other users including those with higher roles...
CVE-2021-24473
The User Profile Picture WordPress plugin before 2.6.0 was affected by an IDOR issue, allowing users with the uploadimage capability by default author and above to change and delete the profile pictures of other users including those with higher roles...
CVE-2021-24473
The CVE-2021-24473 entry concerns the WordPress plugin User Profile Picture, affected in versions before 2.6.0. The vulnerability is an Insecure Direct Object Reference (IDOR) that allows users with the upload_image capability (default: author and above) to change and delete the profile pictures ...