Vulnerabilities > Onedesigns

DATE CVE VULNERABILITY TITLE RISK
2021-10-18 CVE-2021-24672 Unspecified vulnerability in Onedesigns ONE User Avatar
The One User Avatar WordPress plugin before 2.3.7 does not escape the link and target attributes of its shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks
network
low complexity
onedesigns
5.4
2021-10-18 CVE-2021-24675 Unspecified vulnerability in Onedesigns ONE User Avatar
The One User Avatar WordPress plugin before 2.3.7 does not check for CSRF when updating the Avatar in page where the [avatar_upload] shortcode is embed.
network
low complexity
onedesigns
6.5