EUVD-2026-34927

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insecure Direct Object Reference / Authorization Bypass leading to Arbitrary Attachment Deletion in versions up to, and including, 1.8.11.1 via the profile avatar...

CVE-2025-8482

The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of data in version 2.8.4. This is due to a missing capability check on the migratefromwpuseravatar function. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

CVE-2025-8482

The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of data in version 2.8.4. This is due to a missing capability check on the migratefromwpuseravatar function. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

CVE-2025-8482 Simple Local Avatars <= 2.8.4 - Missing Authorization to Authenticated (Subscriber+) Avatar Migration

The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of data in version 2.8.4. This is due to a missing capability check on the migratefromwpuseravatar function. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

CVE-2021-43180

In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible...

JetBrains Hub Information Disclosure Vulnerability

JetBrains Hub is a server that can handle authentication, authorization, users, groups, permissions, and projects across multiple JetBrains Team Tools installations. An information disclosure vulnerability exists in JetBrains Hub versions prior to 2021.1.13690. An attacker could exploit this...

CVE-2021-43180

In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible...

CVE-2021-43180

In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible...

Information disclosure

In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible...

CVE-2021-43180

In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible...

CVE-2021-43180

JetBrains Hub prior to version 2021.1.13690 is affected by CVE-2021-43180 where information is disclosed via avatar metadata. The issue is documented across multiple sources (NVD, Red Hat RH: CVE-2021-43180; CNVD; CVELIST) and is acknowledged in the JetBrains Security Bulletin Q3 2021 as HUB-1015...

JetBrains Hub 信息泄露漏洞

JetBrains Hub is a server that can handle authentication, authorization, users, groups, permissions, and projects across multiple JetBrains Team Tools installations. An information disclosure vulnerability exists in JetBrains Hub versions prior to 2021.1.13690. An attacker could exploit this...