All 5 CVE vulnerabilities found in WP User Profile Avatar, with AI-generated Chinese analysis, references, and POCs.
Vendor: Unknown
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-49980 | WordPress WP User Profile Avatar plugin <= 1.0.6 - Broken Access Control Vulnerability CWE-862 | 4.3 | Medium | 2025-06-20 |
| CVE-2024-10789 | WP User Profile Avatar <= 1.0.5 - Cross-Site Request Forgery to Settings Update CWE-352 | 4.3 | Medium | 2025-01-16 |
| CVE-2023-6067 | WP User Profile Avatar <= 1.0.1 - Contributor+ Stored XSS | 5.4AI | MediumAI | 2024-04-15 |
| CVE-2023-52118 | WordPress WP User Profile Avatar Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS) CWE-79 | 6.5 | Medium | 2024-02-01 |
| CVE-2023-6384 | WP User Profile Avatar < 1.0.1 - Author+ Avatar Deletion/Update via IDOR | 4.3 | - | 2024-01-22 |
All 5 known CVE vulnerabilities affecting WP User Profile Avatar with full Chinese analysis, references, and POCs where available.