Medium severity4.3NVD Advisory· Published Mar 7, 2022· Updated Jun 17, 2026
CVE-2022-0442
CVE-2022-0442
Description
The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to overwrite another users avatar.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <1.2.3.1
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/9cf0822a-c9d6-4ebc-b905-95b143d1a692nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.