Onedesigns

onedesigns

3 CVEs • 2 products

Products (2)

Cover Wp
cover_wp

CVEs (3)

Vendors: 1 (Onedesigns)
Products: 1 (One User Avatar)
Updated: Jun 17, 2026
Published: Oct 18, 2021
CVSS: v4 N/A, v3 6.5 MEDIUM, v2 4.3 MEDIUM
Description: The One User Avatar WordPress plugin before 2.3.7 does not check for CSRF when updating the avatar on a page where the [avatar_upload] shortcode is embedded. As a result, attackers could make a logged-in user change their avatar via a CSRF attack.

Vendors: 1 (Onedesigns)
Products: 1 (One User Avatar)
Updated: Jun 17, 2026
Published: Oct 18, 2021
CVSS: v4 N/A, v3 5.4 MEDIUM, v2 3.5 LOW
Description: The One User Avatar WordPress plugin before 2.3.7 does not escape the link and target attributes of its shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.

Vendors: 1 (Onedesigns)
Products: 1 (Cover Wp)
Updated: Apr 29, 2026
Published: Sep 28, 2011
CVSS: v4 N/A, v3 N/A, v2 4.3 MEDIUM
Description: Cross-site scripting (XSS) vulnerability in the Cover WP theme before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.