VYPR
Medium severity6.5NVD Advisory· Published Oct 18, 2021· Updated Jun 17, 2026

CVE-2021-24675

CVE-2021-24675

Description

The One User Avatar WordPress plugin before 2.3.7 does not check for CSRF when updating the Avatar in page where the [avatar_upload] shortcode is embed. As a result, attackers could make logged in user change their avatar via a CSRF attack

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.