cleantalk
Vulnerabilities and Security Researches

Simple Local Avatars, CVE-2022-25860

CVE, Research URL

CVE-2022-25860

Home page URL

Security reports for Simple Local Avatars

Application

Simple Local Avatars

Published on
Jan 27, 2023
Research Description
Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone(), pull(), push() and listRemote() methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of [CVE-2022-25912](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221).
Affected versions
Min -, max 2.7.4.
Status
vulnerable
Previous vulnerability researches
Simple Local Avatars , Jul 24, 2024
Simple Local Avatars (CVE-2025-8482) , Aug 14, 2025
Simple Local Avatars (CVE-2024-43116) , Aug 11, 2024
Simple Local Avatars (CVE-2022-25881) , Jun 07, 2024
Simple Local Avatars (CVE-2022-25860) , Jun 07, 2024
New vulnerability
Thank You Page Customizer for WooCommerce – Increase Your Sales (CVE-2025-30993) , Aug 15, 2025
GMap Generator (CVE-2025-8568) , Aug 14, 2025
GiveWP – Donation Plugin and Fundraising Platform (CVE-2025-47444) , Aug 14, 2025
Easy Form Builder (CVE-2025-54678) , Aug 14, 2025
WooCommerce Affiliate Plugin – Coupon Affiliates (CVE-2025-54025) , Aug 14, 2025