VYPR

User Photo

by WordPress

CVEs (2)

  • CVE-2013-1916HigJun 24, 2022
    risk 0.54cvss 8.8epss 0.12

    In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (executed) even if the photo has not been yet approved.

  • CVE-2012-2920May 21, 2012
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the userphoto_options_page function in user-photo.php in the User Photo plugin before 0.9.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to wp-admin/options-general.php. NOTE: some…