CVE-2022-0442

Published: Mar 7, 2022

Modified: Aug 2, 2024

PUBLISHED

Description

The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to overwrite another users avatar.

Vendor	Product	Versions
Unknown	UsersWP – User Registration & User Profile	affected `1.2.3.1 - < 1.2.3.1`

Weaknesses (CWE)

CWE-639

References

https://wpscan.com/vulnerability/9cf0822a-c9d6-4ebc-b905-95b143d1a692

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-0442

Description

Affected Products

Weaknesses (CWE)

References