UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress, c2912faa-ce49-4146-8ee6-b03e29ca9db7

CVE, Research URL: c2912faa-ce49-4146-8ee6-b03e29ca9db7
Home page URL: Security reports for UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress
Application: UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress
Published on: -
Research Description: UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP [userswp] < 1.2.3.23 UsersWP < 1.2.3.23 - Profile Picture Deletion via CSRF The plugin does not have CSRF check when deleting profile pictures, which could allow attackers to make logged in users perform unwanted actions via a CSRF attack
Affected versions: max 1.2.3.23.
Status: vulnerable

UsersWP &#8211; Front-end login form, User Registration, User Profile &amp; Members Directory plugin for WordPress, c2912faa-ce49-4146-8ee6-b03e29ca9db7