cleantalk
Vulnerabilities and Security Researches

WP User Profile Avatar, CVE-2025-49980

CVE, Research URL

CVE-2025-49980

Home page URL

Security reports for WP User Profile Avatar

Application

WP User Profile Avatar

Published on
Jun 20, 2025
Research Description
Missing Authorization vulnerability in WP Event Manager WP User Profile Avatar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Profile Avatar: from n/a through 1.0.6.
Affected versions
Min -, max 1.0.6.
Status
vulnerable
Previous vulnerability researches
WPThumb (CVE-2025-49983) , Jun 23, 2025
New vulnerability
Import YouTube videos as WP Posts (CVE-2025-52802) , Jun 23, 2025
Download Attachments (CVE-2025-49995) , Jun 23, 2025
WP User Profile Avatar (CVE-2025-49980) , Jun 23, 2025
Mailing Group Listserv (CVE-2025-50036) , Jun 23, 2025
XML Travel Portal Widget (CVE-2025-49968) , Jun 23, 2025