wpvulndb
Author: Felipe de Avila
WPVDB-ID: 9CF0822A-C9D6-4EBC-B905-95B143D1A692
History: Feb 14, 2022 - 12:00 a.m.

UsersWP < 1.2.3.1 - Subscriber+ User Avatar Override

2022-02-14 00:00:00
Felipe de Avila
wpscan.com
8

EPSS: 0.001 (Low), percentile 24.8%

The plugin lacks access controls when updating a user avatar and does not ensure that avatar file names are unique. Because the stored file name is derived from the uploaded file's name, any logged-in user (Subscriber or above) can overwrite another user's avatar by uploading an image with the same name.

PoC

- Right click the thumbnail of another user and copy the image URL. It will be something like: wp-content/uploads/2022/02/myprofilepic_uwp_avatar_thumb.png.
- Create a local file called myprofilepic.png, and upload it as your new profile photo.
- Go check the other user again, and it should now have your profile photo.

More details: https://youtu.be/OHnpCjdAvgg
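The two defects named in the description (no ownership check on the update, and a stored file name taken from the upload) can be closed independently. The following hardened avatar-update handler is an added example written for this page; it is not the UsersWP plugin's code and does not describe how the plugin is structured. It uses standard WordPress APIs only; the AJAX action name `example_update_avatar` and the user meta key `example_avatar` are assumptions for the illustration.

```php
<?php
// Added example (not the UsersWP plugin's code): a hardened avatar-update
// handler for a WordPress plugin. It fixes the two issues in the advisory:
// (1) a caller may only change their own avatar unless they can edit the
//     target user, and
// (2) the stored file name is built from the owner's user ID plus random
//     bytes, never from the uploaded file's name, so one user's upload can
//     never resolve to another user's path.
// Hook name 'example_update_avatar' and meta key 'example_avatar' are assumed.

function example_handle_avatar_update() {
    // Reject unauthenticated callers outright.
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'not logged in', 401 );
    }

    // CSRF check: the request must carry a nonce bound to this action.
    check_ajax_referer( 'example_update_avatar', 'nonce' );

    $current_user_id = get_current_user_id();
    $target_user_id  = isset( $_POST['user_id'] ) ? absint( $_POST['user_id'] ) : $current_user_id;

    // Access control: a Subscriber may only change their own avatar.
    if ( $target_user_id !== $current_user_id && ! current_user_can( 'edit_user', $target_user_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    if ( empty( $_FILES['avatar'] ) || ! is_uploaded_file( $_FILES['avatar']['tmp_name'] ) ) {
        wp_send_json_error( 'no file', 400 );
    }

    // Allow only images; the extension is taken from content sniffing, not from
    // the client-supplied name or MIME type.
    $allowed = array( 'png' => 'image/png', 'jpg|jpeg' => 'image/jpeg', 'gif' => 'image/gif' );
    $check   = wp_check_filetype_and_ext( $_FILES['avatar']['tmp_name'], $_FILES['avatar']['name'], $allowed );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_send_json_error( 'invalid image', 400 );
    }

    // Unique, owner-bound name: user ID plus 16 random bytes. The original
    // file name is discarded entirely, so no two users can collide.
    $random   = bin2hex( random_bytes( 16 ) );
    $filename = sprintf( 'avatar-%d-%s.%s', $target_user_id, $random, $check['ext'] );

    require_once ABSPATH . 'wp-admin/includes/file.php';
    $overrides = array(
        'test_form'                => false,
        'mimes'                    => $allowed,
        // wp_handle_upload() lets us dictate the final name on disk.
        'unique_filename_callback' => function ( $dir, $name, $ext ) use ( $filename ) {
            return $filename;
        },
    );
    $result = wp_handle_upload( $_FILES['avatar'], $overrides );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 500 );
    }

    // Record the new URL on the target user only.
    update_user_meta( $target_user_id, 'example_avatar', $result['url'] );
    wp_send_json_success( array( 'url' => $result['url'] ) );
}
add_action( 'wp_ajax_example_update_avatar', 'example_handle_avatar_update' );
```

Any derived sizes (such as the `_thumb` variant visible in the PoC URL) must be generated from the same randomized base name, otherwise the thumbnail path reintroduces the collision. A quick check for an installed site is to upload two avatars with identical local file names from two accounts and confirm that the stored paths differ.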

CPE
Name     Operator  Version
userswp  lt        1.2.3.1

