Cozmoslabs User_profile_picture
3 CVEs affecting Cozmoslabs User_profile_picture. Latest disclosed: 2024-06-21. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-24170 | High | 7.5 | 2021-04-05 | The REST API endpoint get_users in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to… |
CVE-2021-24473 | Medium | 5.4 | 2021-08-02 | The User Profile Picture WordPress plugin before 2.6.0 was affected by an IDOR issue, allowing users with the upload_image capability (by default author and ab… |
CVE-2024-5639 | Medium | 4.3 | 2024-06-21 | The User Profile Picture plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.1 via the 'rest_api_c… |