Onedesigns : Security vulnerabilities, CVEs csrf, cross site request forgery

CVE-2021-24675

The One User Avatar WordPress plugin before 2.3.7 does not check for CSRF when updating the Avatar in page where the [avatar_upload] shortcode is embed. As a result, attackers could make logged in user change their avatar via a CSRF attack

Max CVSS

6.5

EPSS Score

0.06%

Published

2021-10-18

Updated

2021-10-20

1 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!

Accept Close

Onedesigns : Security Vulnerabilities, CVEs, (CSRF)

CVE-2021-24675