High severityNVD Advisory· Published Jun 6, 2011· Updated Apr 29, 2026

CVE-2011-1950

Description

plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
plone.app.usersPyPI	>= 1.0a1, < 1.0.5	1.0.5
plone.app.usersPyPI	>= 1.1b1, < 1.1.1	1.1.1
PlonePyPI	>= 4.0.1, < 4.0.6	4.0.6
PlonePyPI	>= 4.1.0, < 4.1.1	4.1.1

Affected products

Plone (software)/Plone2 versions
cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*
ghsa-coords2 versions
pkg:pypi/plone pkg:pypi/plone.app.users
>= 4.0.1, < 4.0.6+ 1 more
- (no CPE)range: >= 4.0.1, < 4.0.6
- (no CPE)range: >= 1.0a1, < 1.0.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plone.org/products/plone/security/advisories/CVE-2011-1950nvdPatchVendor AdvisoryWEB
secunia.com/advisories/44775nvdVendor Advisory
github.com/advisories/GHSA-2qx8-589j-gcpxghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2011-1950ghsaADVISORY
exchange.xforce.ibmcloud.com/vulnerabilities/67695nvdWEB
github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-16.yamlghsaWEB
osvdb.org/72729nvd
securityreason.com/securityalert/8269nvd
www.securityfocus.com/archive/1/518155/100/0/threadednvd
www.securityfocus.com/bid/48005nvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000