cleantalk
Vulnerabilities and Security Researches

Simple Local Avatars, CVE-2022-25881

CVE, Research URL

CVE-2022-25881

Home page URL

Security reports for Simple Local Avatars

Application

Simple Local Avatars

Published on
Jan 31, 2023
Research Description
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
Affected versions
Min -, max 2.7.4.
Status
vulnerable
Previous vulnerability researches
Simple Local Avatars , Jul 24, 2024
Simple Local Avatars (CVE-2025-8482) , Aug 14, 2025
Simple Local Avatars (CVE-2024-43116) , Aug 11, 2024
Simple Local Avatars (CVE-2022-25881) , Jun 07, 2024
Simple Local Avatars (CVE-2022-25860) , Jun 07, 2024
New vulnerability
Thank You Page Customizer for WooCommerce – Increase Your Sales (CVE-2025-30993) , Aug 15, 2025
GMap Generator (CVE-2025-8568) , Aug 14, 2025
GiveWP – Donation Plugin and Fundraising Platform (CVE-2025-47444) , Aug 14, 2025
Easy Form Builder (CVE-2025-54678) , Aug 14, 2025
WooCommerce Affiliate Plugin – Coupon Affiliates (CVE-2025-54025) , Aug 14, 2025