User Profile Picture
Monthly
Insecure Direct Object Reference (IDOR) in Cozmoslabs User Profile Picture WordPress plugin (versions through 2.6.3) allows a high-privileged authenticated attacker to modify the profile picture of arbitrary users by manipulating a user-controlled object key in requests. The flaw stems from CWE-639 - the plugin fails to validate that the authenticated user is authorized to modify the target user's resource before processing the change. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV, consistent with its low CVSS score of 2.7.
The User Profile Picture plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.1 via the 'rest_api_change_profile_image' function due to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
The User Profile Picture WordPress plugin before 2.6.0 was affected by an IDOR issue, allowing users with the upload_image capability (by default author and above) to change and delete the profile. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The REST API endpoint get_users in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the upload_files capability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Insecure Direct Object Reference (IDOR) in Cozmoslabs User Profile Picture WordPress plugin (versions through 2.6.3) allows a high-privileged authenticated attacker to modify the profile picture of arbitrary users by manipulating a user-controlled object key in requests. The flaw stems from CWE-639 - the plugin fails to validate that the authenticated user is authorized to modify the target user's resource before processing the change. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV, consistent with its low CVSS score of 2.7.
The User Profile Picture plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.1 via the 'rest_api_change_profile_image' function due to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
The User Profile Picture WordPress plugin before 2.6.0 was affected by an IDOR issue, allowing users with the upload_image capability (by default author and above) to change and delete the profile. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The REST API endpoint get_users in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the upload_files capability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.