The REST API endpoint get_users in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the upload_files capability. This included password hashes, hashed user activation keys, usernames, emails, and other less sensitive information.
References
| Link | Resource |
|---|---|
| https://wpscan.com/vulnerability/29fc5b0e-0a5f-4484-a1e6-a0a1206726cc | Exploit Third Party Advisory |
| https://www.wordfence.com/blog/2021/03/medium-severity-vulnerability-patched-in-user-profile-picture-plugin/ | Third Party Advisory |
Configurations
History
09 Apr 2021, 19:34
| Type | Values Removed | Values Added |
|---|---|---|
| References | (CONFIRM) https://wpscan.com/vulnerability/29fc5b0e-0a5f-4484-a1e6-a0a1206726cc - Exploit, Third Party Advisory | |
| References | (MISC) https://www.wordfence.com/blog/2021/03/medium-severity-vulnerability-patched-in-user-profile-picture-plugin/ - Third Party Advisory | |
| CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
| CWE | CWE-200 | |
| CPE | cpe:2.3:a:cozmoslabs:user_profile_picture:*:*:*:*:*:wordpress:*:* |
05 Apr 2021, 19:29
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2021-04-05 19:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-24170
Mitre link : CVE-2021-24170
CVE.ORG link : CVE-2021-24170
JSON object : View
Products Affected
cozmoslabs
- user_profile_picture
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor