Onedesigns : Security vulnerabilities, CVEs

Copy

CVE-2021-24675

The One User Avatar WordPress plugin before 2.3.7 does not check for CSRF when updating the Avatar in page where the [avatar_upload] shortcode is embed. As a result, attackers could make logged in user change their avatar via a CSRF attack

Max CVSS

6.5

EPSS Score

0.06%

Published

2021-10-18

Updated

2021-10-20

CVE-2021-24672

The One User Avatar WordPress plugin before 2.3.7 does not escape the link and target attributes of its shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks

Max CVSS

5.4

EPSS Score

0.06%

Published

2021-10-18

Updated

2021-10-20

CVE-2011-3860

Cross-site scripting (XSS) vulnerability in the Cover WP theme before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.

Max CVSS

4.3

EPSS Score

0.19%

Published

2011-09-28

Updated

2011-10-30

3 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!