Unrated severityNVD Advisory· Published Apr 5, 2021· Updated Aug 3, 2024
User Profile Picture < 2.5.0 - Sensitive Information Disclosure
CVE-2021-24170
Description
The REST API endpoint get_users in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the upload_files capability. This included password hashes, hashed user activation keys, usernames, emails, and other less sensitive information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/User Profile Picturedescription
- Range: <2.5.0
Patches
Vulnerability mechanics
References
2- wpscan.com/vulnerability/29fc5b0e-0a5f-4484-a1e6-a0a1206726ccmitrex_refsource_CONFIRM
- www.wordfence.com/blog/2021/03/medium-severity-vulnerability-patched-in-user-profile-picture-plugin/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.