Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for User Profile Picture by cozmoslabs

    CVE-2024-5639 (GCVE-0-2024-5639)

    Vulnerability from nvd – Published: 2024-06-21 06:58 – Updated: 2026-04-08 16:32
    VLAI
    Title
    User Profile Picture <= 2.6.1 - Authenticated (Author+) Insecure Direct Object Reference to Profile Picture Update
    Summary
    The User Profile Picture plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.1 via the 'rest_api_change_profile_image' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to update the profile picture of any user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    Impacted products
    Vendor Product Version
    cozmoslabs User Profile Picture Affected: 0 , ≤ 2.6.1 (semver)
    Create a notification for this product.
    Credits
    Stephanie Walters
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5639",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-30T14:16:07.090114Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-30T14:16:14.394Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:18:06.678Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/01a3b9ba-b18a-48d9-8365-d10f79fc6a6b?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/metronet-profile-picture/tags/2.6.1/metronet-profile-picture.php#L989"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/metronet-profile-picture/tags/2.6.1/metronet-profile-picture.php#L1122"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/3105132/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "User Profile Picture",
              "vendor": "cozmoslabs",
              "versions": [
                {
                  "lessThanOrEqual": "2.6.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Stephanie Walters"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The User Profile Picture plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.1 via the \u0027rest_api_change_profile_image\u0027 function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to update the profile picture of any user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:32:35.554Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/01a3b9ba-b18a-48d9-8365-d10f79fc6a6b?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/metronet-profile-picture/tags/2.6.1/metronet-profile-picture.php#L989"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/metronet-profile-picture/tags/2.6.1/metronet-profile-picture.php#L1122"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3105132/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-06-20T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "User Profile Picture \u003c= 2.6.1 - Authenticated (Author+) Insecure Direct Object Reference to Profile Picture Update"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-5639",
        "datePublished": "2024-06-21T06:58:18.451Z",
        "dateReserved": "2024-06-04T16:21:34.354Z",
        "dateUpdated": "2026-04-08T16:32:35.554Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-5639 (GCVE-0-2024-5639)

    Vulnerability from cvelistv5 – Published: 2024-06-21 06:58 – Updated: 2026-04-08 16:32
    VLAI
    Title
    User Profile Picture <= 2.6.1 - Authenticated (Author+) Insecure Direct Object Reference to Profile Picture Update
    Summary
    The User Profile Picture plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.1 via the 'rest_api_change_profile_image' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to update the profile picture of any user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    Impacted products
    Vendor Product Version
    cozmoslabs User Profile Picture Affected: 0 , ≤ 2.6.1 (semver)
    Create a notification for this product.
    Credits
    Stephanie Walters
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5639",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-30T14:16:07.090114Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-30T14:16:14.394Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:18:06.678Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/01a3b9ba-b18a-48d9-8365-d10f79fc6a6b?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/metronet-profile-picture/tags/2.6.1/metronet-profile-picture.php#L989"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/metronet-profile-picture/tags/2.6.1/metronet-profile-picture.php#L1122"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/3105132/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "User Profile Picture",
              "vendor": "cozmoslabs",
              "versions": [
                {
                  "lessThanOrEqual": "2.6.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Stephanie Walters"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The User Profile Picture plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.1 via the \u0027rest_api_change_profile_image\u0027 function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to update the profile picture of any user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:32:35.554Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/01a3b9ba-b18a-48d9-8365-d10f79fc6a6b?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/metronet-profile-picture/tags/2.6.1/metronet-profile-picture.php#L989"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/metronet-profile-picture/tags/2.6.1/metronet-profile-picture.php#L1122"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3105132/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-06-20T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "User Profile Picture \u003c= 2.6.1 - Authenticated (Author+) Insecure Direct Object Reference to Profile Picture Update"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-5639",
        "datePublished": "2024-06-21T06:58:18.451Z",
        "dateReserved": "2024-06-04T16:21:34.354Z",
        "dateUpdated": "2026-04-08T16:32:35.554Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }