UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress, CVE-2022-0442

CVE, Research URL: CVE-2022-0442
Home page URL: Security reports for UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress
Application: UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress
Published on: Mar 07, 2022
Research Description: The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to overwrite another users avatar.
Affected versions: max 1.2.3.10.
Status: vulnerable

UsersWP &#8211; Front-end login form, User Registration, User Profile &amp; Members Directory plugin for WordPress, CVE-2022-0442