34 matches found
EUVD-2023-56792
Malicious code in bioql PyPI...
CVE-2025-49980
Missing Authorization vulnerability in WP Event Manager WP User Profile Avatar wp-user-profile-avatar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Profile Avatar: from n/a through <= 1.0.6...
CVE-2025-49980
Missing Authorization vulnerability in WP Event Manager WP User Profile Avatar wp-user-profile-avatar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Profile Avatar: from n/a through <= 1.0.6...
CVE-2025-49980 WordPress WP User Profile Avatar plugin <= 1.0.6 - Broken Access Control Vulnerability
Missing Authorization vulnerability in WP Event Manager WP User Profile Avatar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Profile Avatar: from n/a through 1.0.6...
CVE-2025-49980 WordPress WP User Profile Avatar plugin <= 1.0.6 - Broken Access Control Vulnerability
Missing Authorization vulnerability in WP Event Manager WP User Profile Avatar wp-user-profile-avatar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Profile Avatar: from n/a through <= 1.0.6...
CVE-2025-49980
CVE-2025-49980 concerns the WordPress plugin WP User Profile Avatar (affected: versions up to 1.0.6) and is a Missing Authorization / broken access control vulnerability. The CVE describes an exposure where access control is misconfigured, enabling exploitation via unauthorized actions. Public so...
WordPress plugin WP User Profile Avatar security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2023-52118
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Event Manager WP User Profile Avatar allows Stored XSS. This issue affects WP User Profile Avatar: from n/a through 1.0...
CVE-2024-10789
The WP User Profile Avatar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the wpupa_user_admin function. This makes it possible for unauthenticated attackers to update the plugins...
CVE-2024-10789 WP User Profile Avatar <= 1.0.5 - Cross-Site Request Forgery to Settings Update
The WP User Profile Avatar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the wpupa_user_admin function. This makes it possible for unauthenticated attackers to update the plugins...
CVE-2024-10789
CVE-2024-10789 concerns the WP User Profile Avatar plugin for WordPress. The description reports a CSRF vulnerability in all versions up to 1.0.5 caused by missing or incorrect nonce validation in wpupa_user_admin(), enabling unauthenticated attackers to update plugin settings by luring an admini...
CVE-2024-10789 WP User Profile Avatar <= 1.0.5 - Cross-Site Request Forgery to Settings Update
The WP User Profile Avatar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the wpupa_user_admin function. This makes it possible for unauthenticated attackers to update the plugins...
PT-2025-1606 · WordPress · Wp User Profile Avatar
Name of the Vulnerable Software and Affected Versions: WP User Profile Avatar plugin for WordPress versions up to, and including, 1.0.5. Description: The issue is due to missing or incorrect nonce validation on the wpupa_user_admin function, making it possible for unauthenticated attackers to upda...
WordPress plugin WP User Profile Avatar cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
WordPress WP User Profile Avatar plugin <= 1.0.5 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by yudha in WordPress Plugin WP User Profile Avatar versions <= 1.0.5...
WordPress WP User Profile Avatar plugin <= 1.0.1 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin WP User Profile Avatar versions <= 1.0.1...
CVE-2023-6067
The WP User Profile Avatar WordPress plugin through 1.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...
CVE-2023-6067
The WP User Profile Avatar WordPress plugin through 1.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...
CVE-2023-6067 WP User Profile Avatar <= 1.0.1 - Contributor+ Stored XSS
The WP User Profile Avatar WordPress plugin through 1.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attac...
WordPress WP User Profile Avatar Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)
Software: WP User Profile Avatar; Type: Plugin; Vulnerable versions: <= 1.0.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-6067; Patch priority: Low; CVSS severity: Low 6.5; PSID: 73f7395294a7; Credits: Dmitrii Ignatyev...