Authorization Bypass in Cozmoslabs User Profile Picture Plugin
CVE-2026-61971

2.7LOW

Key Information:

Vendor

WordPress

Vendor
CVE Published:
13 July 2026

What is CVE-2026-61971?

The Cozmoslabs User Profile Picture plugin suffers from an authorization bypass vulnerability that allows unauthorized users to exploit improperly configured access control security levels. This flaw can lead to unintended access to user profile pictures, compromising user privacy and security. The affected version range includes all versions up to and including 2.6.3, highlighting the need for immediate updates to mitigate potential security risks.

Affected Version(s)

User Profile Picture 0 <= 2.6.3

References

CVSS V3.1

Score:
2.7
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Ananda Dhakal (Patchstack)
.