PT-2022-13187 · WordPress · Userswp
Name of the Vulnerable Software and Affected Versions: UsersWP WordPress plugin versions prior to 1.2.3.1 Description: The issue is related to missing access controls when updating a user avatar and the lack of unique file names for user avatars. This allows a logged-in user to overwrite another...