Summaryinfo

A vulnerability classified as problematic has been found in WP User Profile Avatar Plugin up to 1.0.0 on WordPress. This impacts an unknown function of the component Avatar Handler. Performing a manipulation results in authorization. This vulnerability was named CVE-2023-6384. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Detailsinfo

A vulnerability, which was classified as problematic, was found in WP User Profile Avatar Plugin up to 1.0.0 on WordPress (WordPress Plugin). This affects some unknown processing of the component Avatar Handler. The manipulation with an unknown input leads to a authorization vulnerability. CWE is classifying the issue as CWE-639. The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. This is going to have an impact on integrity, and availability. The summary by CVE is:

The WP User Profile Avatar WordPress plugin before 1.0.1 does not properly check for authorisation, allowing authors to delete and update arbitrary avatar

The weakness was presented 01/22/2024 by Dmitrii Ignatyev. The advisory is shared at wpscan.com. This vulnerability is uniquely identified as CVE-2023-6384 since 11/29/2023. Neither technical details nor an exploit are publicly available.

Upgrading to version 1.0.1 eliminates this vulnerability.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Type

• WordPress Plugin

Name

• WP User Profile Avatar Plugin

Version

• 1.0

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion