cleantalk
Vulnerabilities and Security Researches

Simple Local Avatars, CVE-2025-8482

CVE, Research URL

CVE-2025-8482

Home page URL

Security reports for Simple Local Avatars

Application

Simple Local Avatars

Published on
Aug 12, 2025
Research Description
The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of data in version 2.8.4. This is due to a missing capability check on the migrate_from_wp_user_avatar() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to migrate avatar metadata for all users.
Affected versions
Min -, max 2.8.5.
Status
vulnerable
Previous vulnerability researches
Blogger Buzz (CVE-2025-54680) , Aug 02, 2025
Blogger Buzz (115f6bdb0e5c21979d308193f82caf8fb7388640) , Jun 11, 2024
Blogger Buzz (CVE-2023-30476) , Jun 10, 2024
New vulnerability
Easy Form Builder (CVE-2025-54678) , Aug 14, 2025
WooCommerce Affiliate Plugin – Coupon Affiliates (CVE-2025-54025) , Aug 14, 2025
RT Easy Builder – Advanced addons for Elementor (CVE-2025-8462) , Aug 14, 2025
Database for Contact Form 7, WPforms, Elementor forms (CVE-2025-7384) , Aug 14, 2025
Eventer (CVE-2025-39483) , Aug 14, 2025