VYPR

User Avatar

by WordPress

CVEs (2)

  • CVE-2023-46621HigNov 8, 2023
    risk 0.46cvss 7.1epss 0.00

    Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Enej Bajgoric / Gagan Sandhu / CTLT DEV User Avatar plugin <= 1.4.11 versions.

  • CVE-2023-4798MedOct 16, 2023
    risk 0.35cvss 5.4epss 0.00

    The User Avatar WordPress plugin before 1.2.2 does not properly sanitize and escape certain of its shortcodes attributes, which could allow relatively low-privileged users like contributors to conduct Stored XSS attacks.