| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2021-24672 | One User Avatar < 2.3.7 - Contributor+ Stored Cross-Site Scripting | Unknown | One User Avatar | User Profile Picture | 中危 | - | 2021-10-18 13:45:53 | Deep Dive |
| CVE-2021-24654 | User Registration < 2.0.2 - Low Privilege Stored Cross-Site Scripting | Unknown | User Registration – Custom Registration Form, Login And User Profile For WordPress | 中危 | - | 2021-10-04 11:20:17 | Deep Dive |
| CVE-2021-24527 | Profile Builder < 3.4.9 - Admin Access via Password Reset | Unknown | User Registration & User Profile – Profile Builder | 超危 | - | 2021-08-16 10:48:27 | Deep Dive |
| CVE-2021-24522 | ProfilePress < 3.1.11 - Unauthenticated Cross-Site Scripting (XSS) in tabbed login/register widget | Unknown | User Registration, User Profile, Login & Membership – ProfilePress (Formerly WP User Avatar) | 中危 | - | 2021-08-09 10:04:15 | Deep Dive |
| CVE-2021-24473 | User Profile Picture < 2.6.0 - Arbitrary User Picture Change/Deletion via IDOR | Unknown | User Profile Picture | 中危 | - | 2021-08-02 10:32:14 | Deep Dive |
| CVE-2021-24448 | Profile Builder < 3.4.8 - Authenticated Stored XSS | Unknown | User Registration & User Profile – Profile Builder | 中危 | - | 2021-08-02 10:31:59 | Deep Dive |
| CVE-2021-24443 | Youzify < 1.0.7 - Stored Cross-Site Scripting via Biography | Unknown | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | 中危 | - | 2021-08-02 10:31:57 | Deep Dive |
| CVE-2021-24306 | Ultimate Member < 2.1.20 - Authenticated Reflected Cross-Site Scripting (XSS) | Ultimate Member | Ultimate Member – User Profile, User Registration, Login & Membership Plugin | 中危 | - | 2021-05-24 10:58:05 | Deep Dive |
| CVE-2021-24170 | User Profile Picture < 2.5.0 - Sensitive Information Disclosure | Unknown | User Profile Picture | 高危 | - | 2021-04-05 18:27:44 | Deep Dive |