CVE-2023-6384
CVE-2023-6384 affects the WP User Profile Avatar WordPress plugin, vulnerable in versions before 1.0.1. The issue is an authorization/IDOR flaw that lets authors delete or update arbitrary avatars due to improper access checks. Impact is limited to avatar management (not full site compromise) as ...