VYPR
Unrated severityNVD Advisory· Published Aug 2, 2021· Updated Aug 3, 2024

User Profile Picture < 2.6.0 - Arbitrary User Picture Change/Deletion via IDOR

CVE-2021-24473

Description

The User Profile Picture WordPress plugin before 2.6.0 was affected by an IDOR issue, allowing users with the upload_image capability (by default author and above) to change and delete the profile pictures of other users (including those with higher roles).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.