Authorization Bypass in Cozmoslabs User Profile Picture Plugin
CVE-2026-61971
2.7LOW
What is CVE-2026-61971?
The Cozmoslabs User Profile Picture plugin suffers from an authorization bypass vulnerability that allows unauthorized users to exploit improperly configured access control security levels. This flaw can lead to unintended access to user profile pictures, compromising user privacy and security. The affected version range includes all versions up to and including 2.6.3, highlighting the need for immediate updates to mitigate potential security risks.
Affected Version(s)
User Profile Picture 0 <= 2.6.3