Vulnerabilities > Ayecode > Userswp > 1.2.1.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-07 | CVE-2022-47442 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Ayecode Userswp Improper Neutralization of Formula Elements in a CSV File vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a through 1.2.3.9. | 8.8 |
| 2022-03-07 | CVE-2022-0442 | Authorization Bypass Through User-Controlled Key vulnerability in Ayecode Userswp The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to overwrite another users avatar. | 4.3 |