Cozmoslabs User Profile Picture — known CVE vulnerabilities
Every CVE whose affected-product data names Cozmoslabs User Profile Picture, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2021-24170 — CVSS 7.5 (high): The REST API endpoint get_users in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for…
CVE-2021-24473 — CVSS 5.4 (medium): The User Profile Picture WordPress plugin before 2.6.0 was affected by an IDOR issue, allowing users with the upload_image capability (by…
CVE-2024-5639 — CVSS 4.3 (medium): The User Profile Picture plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.1…