
10 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-11587

Malware in sbrugna...

CVSS 6.5 | AI score 6.5 | EPSS 0.00553
Exploits: 2 | References: 2
RedhatCVE
added 2025/05/22 7:23 p.m. | 8 views

CVE-2021-24675

The One User Avatar WordPress plugin before 2.3.7 does not check for CSRF when updating the avatar on a page where the avatarupload shortcode is embedded. As a result, attackers could make a logged-in user change their avatar via a CSRF attack...

CVSS 6.5 | AI score 6.8 | EPSS 0.00553
Exploits: 2 | References: 1
RedhatCVE
added 2025/05/22 7:23 p.m. | 6 views

CVE-2021-24672

The One User Avatar WordPress plugin before 2.3.7 does not escape the link and target attributes of its shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...

CVSS 5.4 | AI score 6 | EPSS 0.00629
Exploits: 2 | References: 1
CNVD
added 2021/10/24 12:0 a.m. | 10 views

WordPress Plugin Cross-Site Scripting Vulnerability (CNVD-2021-103642)

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. The WordPress One User Avatar plugin in versions prior to 2.3.7 has a cross-site scripting vulnerability that stems from a lack...

CVSS 5.4 | AI score 2.3 | EPSS 0.00629
Exploits: 2 | References: 1
OSV
added 2021/10/18 2:15 p.m. | 3 views

CVE-2021-24672

The One User Avatar WordPress plugin before 2.3.7 does not escape the link and target attributes of its shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...

CVSS 5.4 | AI score 5.8 | EPSS 0.00629
Exploits: 2 | References: 1
NVD
added 2021/10/18 2:15 p.m. | 12 views

CVE-2021-24675

The One User Avatar WordPress plugin before 2.3.7 does not check for CSRF when updating the avatar on a page where the avatarupload shortcode is embedded. As a result, attackers could make a logged-in user change their avatar via a CSRF attack...

CVSS 6.5 | EPSS 0.00553
Exploits: 2 | References: 1
OSV
added 2021/10/18 2:15 p.m. | 5 views

CVE-2021-24675

The One User Avatar WordPress plugin before 2.3.7 does not check for CSRF when updating the avatar on a page where the avatarupload shortcode is embedded. As a result, attackers could make a logged-in user change their avatar via a CSRF attack...

CVSS 6.5 | AI score 5.8 | EPSS 0.00553
Exploits: 2 | References: 1
CVE
added 2021/10/18 1:45 p.m. | 52 views

CVE-2021-24675

CVE-2021-24675 concerns the WordPress plugin “One User Avatar” (before 2.3.7). The vulnerability arises because the plugin does not verify CSRF when updating the avatar via the [avatar_upload] shortcode, allowing a logged-in attacker to induce a CSRF attack that changes a user’s avatar. Affected ...

CVSS 6.5 | AI score 6.4 | EPSS 0.00553
Exploits: 2 | References: 1 | Affected Software: 1
CNNVD
added 2021/10/18 12:0 a.m. | 2 views

WordPress Plugin Cross-Site Request Forgery Vulnerability

WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. A cross-site request forgery vulnerability...

CVSS 6.5 | AI score 6.4 | EPSS 0.00553
Exploits: 2 | References: 2
Patchstack
added 2021/09/20 12:0 a.m. | 12 views

WordPress One User Avatar plugin <= 2.3.6 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability discovered by apple502j in WordPress One User Avatar plugin versions <= 2.3.6. Solution: Update the WordPress One User Avatar plugin to the latest available version (at least 2.3.7)...

CVSS 6.5 | AI score 3 | EPSS 0.00553
Exploits: 2 | References: 3 | Affected Software: 1