wpexploit | Felipe de Avila | WPEX-ID:9CF0822A-C9D6-4EBC-B905-95B143D1A692
Feb 14, 2022 - 12:00 a.m.

UsersWP < 1.2.3.1 - Subscriber+ User Avatar Override


EPSS: 0.001 (Low), percentile 24.8%

The plugin is missing access controls when updating a user avatar and does not ensure that file names for user avatars are unique, allowing a logged-in user to overwrite another user's avatar.

- Right-click the thumbnail of another user and copy the image URL. It will be something like: wp-content/uploads/2022/02/myprofilepic_uwp_avatar_thumb.png.
- Create a local file called myprofilepic.png, and upload it as your new profile photo.
- Check the other user's profile again; it should now show your profile photo.

More details:
https://youtu.be/OHnpCjdAvgg
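
The flaw described above, modelled next to a corrected version. This is an added example, not the plugin's code and not part of the original advisory. The class names, the in-memory store, the actor_id/actor_is_admin parameters, the user ids and the image bytes are constructed for illustration; only the _uwp_avatar_thumb suffix comes from the URL quoted above.

```python
import secrets
from pathlib import PurePosixPath

SUFFIX = "_uwp_avatar_thumb"  # suffix seen in the advisory's example URL


class NaiveAvatarStore:
    """Model of the flaw: the stored path depends only on the uploaded file name."""

    def __init__(self):
        self.files = {}    # stored path -> image bytes
        self.avatar = {}   # user id -> stored path

    def upload(self, user_id, filename, data):
        name = PurePosixPath(filename)
        path = f"uploads/{name.stem}{SUFFIX}{name.suffix}"
        self.files[path] = data          # silently replaces any existing file
        self.avatar[user_id] = path
        return path


class HardenedAvatarStore(NaiveAvatarStore):
    """Same store with an ownership check and a unique name per upload."""

    def upload(self, user_id, filename, data, actor_id=None, actor_is_admin=False):
        actor_id = user_id if actor_id is None else actor_id
        if actor_id != user_id and not actor_is_admin:
            raise PermissionError("actor may not change this user's avatar")
        ext = PurePosixPath(filename).suffix.lower()
        path = f"uploads/{user_id}-{secrets.token_hex(8)}{SUFFIX}{ext}"
        while path in self.files:        # never reuse an existing path
            path = f"uploads/{user_id}-{secrets.token_hex(8)}{SUFFIX}{ext}"
        self.files.pop(self.avatar.get(user_id), None)  # drop the owner's old file only
        self.files[path] = data
        self.avatar[user_id] = path
        return path


def avatar_of(store, user_id):
    return store.files[store.avatar[user_id]]


def run_scenario(store_cls):
    """Constructed case: two users upload a file with the same name."""
    store = store_cls()
    store.upload(1, "myprofilepic.png", b"alice-image")
    store.upload(2, "myprofilepic.png", b"bob-image")
    return avatar_of(store, 1), avatar_of(store, 2)
```

With NaiveAvatarStore both users end up served the second upload; with HardenedAvatarStore each user keeps their own image, and an upload made on behalf of a different user is rejected.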
