CVE-2022-0442
N/A
N/A
Summary
The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to overwrite another users avatar.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | UsersWP – User Registration & User Profile | 1.2.3.1 < 1.2.3.1 | affected |
Weaknesses
- CWE-639: CWE-639 Authorization Bypass Through User-Controlled Key
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.