VYPR

Avatar

by WordPress

Source repositories

CVEs (2)

  • CVE-2025-3520HigApr 18, 2025
    risk 0.53cvss 8.1epss 0.01

    The Avatar plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 0.1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete…

  • CVE-2025-39434MedApr 17, 2025
    risk 0.28cvss 4.3epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in Scott Taylor Avatar avatar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Avatar: from n/a through <= 0.1.4.