WWBN AVideo 跨站请求伪造漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 29.0 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the lack of CSRF protection and MIME validation in the objects/userSavePhoto.php...

EUVD-2026-26732

The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 5.6.0. This is due to missing authorization validation in the uploadavatar function, which accepts an attacker-controlled...

CVE-2022-0442

The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to overwrite another users avatar...

CVE-2022-0442

The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to overwrite another users avatar...

WordPress plugin 安全漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A security vulnerability in the WordPress plugin UsersWP...

PT-2022-13187 · WordPress · Userswp

Name of the Vulnerable Software and Affected Versions: UsersWP WordPress plugin versions prior to 1.2.3.1 Description: The issue is related to missing access controls when updating a user avatar and the lack of unique file names for user avatars. This allows a logged-in user to overwrite another...