cleantalk
Vulnerabilities and Security Researches

Simple Local Avatars, CVE-2025-8482

CVE, Research URL

CVE-2025-8482

Home page URL

Security reports for Simple Local Avatars

Application

Simple Local Avatars

Published on
Aug 12, 2025
Research Description
The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of data in version 2.8.4. This is due to a missing capability check on the migrate_from_wp_user_avatar() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to migrate avatar metadata for all users.
Affected versions
Min -, max 2.8.5.
Status
vulnerable
Previous vulnerability researches
Simple Responsive Slider (CVE-2025-8690) , Aug 12, 2025
New vulnerability
Thank You Page Customizer for WooCommerce – Increase Your Sales (CVE-2025-30993) , Aug 15, 2025
GMap Generator (CVE-2025-8568) , Aug 14, 2025
GiveWP – Donation Plugin and Fundraising Platform (CVE-2025-47444) , Aug 14, 2025
Easy Form Builder (CVE-2025-54678) , Aug 14, 2025
WooCommerce Affiliate Plugin – Coupon Affiliates (CVE-2025-54025) , Aug 14, 2025