3 matches found
CVE-2021-24170
creationtimestamp| type| source ---|---|--- 2025-09-16 21:02:26+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lyy7rtqoxz25 2026-06-19 12:48:06+00:00| exploited| https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/af9d1bf7-03a2-4fce-9ea6-8647ba055044...
CVE-2021-24170
CVE-2021-24170 affects the WordPress plugin User Profile Picture (versions before 2.5.0). The REST API endpoint get_users exposes password hashes, hashed activation keys, usernames, emails, and other sensitive information to users with the upload_files capability. Root cause: overly verbose respo...
CVE-2021-24170 User Profile Picture < 2.5.0 - Sensitive Information Disclosure
The REST API endpoint getusers in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the uploadfiles capability. This included password hashes, hashed user activation keys, usernames, emails, and other less...