Unrated severityNVD Advisory· Published Aug 2, 2021· Updated Aug 3, 2024
User Profile Picture < 2.6.0 - Arbitrary User Picture Change/Deletion via IDOR
CVE-2021-24473
Description
The User Profile Picture WordPress plugin before 2.6.0 was affected by an IDOR issue, allowing users with the upload_image capability (by default author and above) to change and delete the profile pictures of other users (including those with higher roles).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/User Profile Picturedescription
- Range: <2.6.0
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/79982ea9-4733-4b1e-a43e-17629c1136demitrex_refsource_MISC
News mentions
0No linked articles in our index yet.