2024-01-22 19:14:24
WPScan
PUBLISHED
The WP User Profile Avatar WordPress plugin before 1.0.1 does not properly check for authorisation, allowing authors to delete and update arbitrary avatar