← Back

User Avatar Reloaded

user_avatar-reloaded

Vendor: Wpexperts • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-4798
1Wpexperts
1User Avatar Reloaded
Nov 21, 2024
Oct 16, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The User Avatar WordPress plugin before 1.2.2 does not properly sanitize and escape certain of its shortcodes attributes, which could allow relatively low-privileged users like contributors to conduct Stored XSS attacks.