Security Advisory

CVE-2023-6384

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-01-22 19:14:24

Last updated 2025-06-11 16:36:59

Assigner WPScan

State PUBLISHED

Description

The WP User Profile Avatar WordPress plugin before 1.0.1 does not properly check for authorisation, allowing authors to delete and update arbitrary avatar

← Browse all CVEs View on cve.org ↗