WordPress Avatar Vulnerabilities
Wordpress Avatar vulnerabilities.
Vulnerability Published:
ποΈ Published
- Anytime
Sort By:
ποΈ Published Date
- Descending
Missing Authorization in WP User Profile Avatar by WordPress
CVE-2025-49980WordPressWP User Profile Avatar4.3MEDIUMArbitrary File Deletion Vulnerability in Avatar Plugin for WordPress
CVE-2025-3520WordPressAvatar8.1HIGHAuthorization Bypass in Scott Taylor Avatar Plugin for WordPress
CVE-2025-39434WordPressAvatar4.3MEDIUMCross-Site Request Forgery in WP User Profile Avatar Plugin for WordPress
CVE-2024-10789WordpressWP User Profile Avatar4.3MEDIUMCross-Site Scripting Vulnerability in Avatar 3D Creator
CVE-2024-54358WordPress3d Avatar User Profile7.1HIGHUnauthorized Modification of User Caches Possible in Simple Local Avatars Plugin
CVE-2024-10786WordpressSimple Local Avatars4.3MEDIUMStored XSS Vulnerability in Author Avatars List/Block
CVE-2024-47370WordPressAuthor Avatars List/block6.5MEDIUMCSRF Vulnerability Affects Simple Local Avatars
CVE-2024-43116WordPressSimple Local Avatars8.8HIGHWP User Profile Avatar <= 1.0.1 - Contributor+ Stored XSS
CVE-2023-6067WordpressWP User Profile AvatarπΎπ‘WordPress WP User Profile Avatar Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-52118WordPressWP User Profile Avatar6.5MEDIUMWP User Profile Avatar < 1.0.1 - Author+ Avatar Deletion/Update via IDOR
CVE-2023-6384WordpressWP User Profile AvatarπΎπ‘4.3MEDIUMWordPress Author Avatars List/Block Plugin <= 2.1.17 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-49846WordPressAuthor Avatars List/Block6.5MEDIUMWordPress Add Local Avatar Plugin <= 12.1 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-47650WordPressAdd Local Avatar8.8HIGHWordPress User Avatar Plugin <= 1.4.11 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-46621WordPressUser Avatar6.1MEDIUMUser Avatar - Reloaded < 1.2.2 - Contributor+ Stored XSS
CVE-2023-4798WordpressUser Avatar5.4MEDIUMProfilePress < 3.2.3 - Reflected Cross-Site Scripting
CVE-2021-24955WordpressUser Registration, Log...6.1MEDIUMProfilePress < 3.2.3 - Reflected Cross-Site Scripting
CVE-2021-24954WordpressUser Registration, Log...6.1MEDIUMOne User Avatar < 2.3.7 - Avatar Update via CSRF
CVE-2021-24675WordpressOne User Avatar | User...6.5MEDIUMOne User Avatar < 2.3.7 - Contributor+ Stored Cross-Site Scripting
CVE-2021-24672WordpressOne User Avatar | User...5.4MEDIUMProfilePress < 3.1.11 - Unauthenticated Cross-Site Scripting (XSS) in tabbed login/register widget
CVE-2021-24522WordpressUser Registration, Use...6.1MEDIUMProfilePress < 3.1.8 - Authenticated Stored XSS
CVE-2021-24450WordpressUser Registration, Use...4.8MEDIUM
20 June 2025
18 April 2025
17 April 2025
16 January 2025
16 December 2024
16 November 2024
5 October 2024
26 August 2024
15 April 2024
1 February 2024
22 January 2024
14 December 2023
18 November 2023
8 November 2023
16 October 2023
13 December 2021
18 October 2021
9 August 2021
2 August 2021
No more vulnerabilities to load.