Author Avatars List Block
Monthly
Missing authorization in Paul Bearne Author Avatars List/Block plugin (versions up to 2.1.25) allows unauthenticated remote attackers to access sensitive information through incorrectly configured access control, resulting in partial disclosure of confidential data. The vulnerability has low exploitation probability (EPSS 0.02%) and no public exploit identified, but the automatable nature and broken access control classification warrant attention for WordPress installations using this plugin.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Bearne Author Avatars List/Block allows Stored XSS.1.17. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Missing authorization in Paul Bearne Author Avatars List/Block plugin (versions up to 2.1.25) allows unauthenticated remote attackers to access sensitive information through incorrectly configured access control, resulting in partial disclosure of confidential data. The vulnerability has low exploitation probability (EPSS 0.02%) and no public exploit identified, but the automatable nature and broken access control classification warrant attention for WordPress installations using this plugin.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Bearne Author Avatars List/Block allows Stored XSS.1.17. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.