Cozmoslabs User Profile Picture
2 CVEs affecting Cozmoslabs User Profile Picture. Latest disclosed: 2026-07-13. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-5639 | Medium | 4.3 | 2024-06-21 | The User Profile Picture plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.1 via the 'rest_api_c… |
CVE-2026-61971 | Low | 2.7 | 2026-07-13 | Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs User Profile Picture metronet-profile-picture allows Exploiting Incorrectly Config… |