CVE-2025-8482 Simple Local Avatars <= 2.8.4 - Missing Authorization to Authenticated (Subscriber+) Avatar Migration
The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of data in version 2.8.4. This is due to a missing capability check on the migratefromwpuseravatar function. This makes it possible for authenticated attackers, with subscriber-level access and above, to...