Vulnerabilities > Onedesigns

DATE CVE VULNERABILITY TITLE RISK
2021-10-18 CVE-2021-24672 Cross-site Scripting vulnerability in Onedesigns ONE User Avatar
The One User Avatar WordPress plugin before 2.3.7 does not escape the link and target attributes of its shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.
network
onedesigns CWE-79
3.5
2021-10-18 CVE-2021-24675 Cross-Site Request Forgery (CSRF) vulnerability in Onedesigns ONE User Avatar
The One User Avatar WordPress plugin before 2.3.7 does not check for CSRF when updating the Avatar on pages where the [avatar_upload] shortcode is embedded.
4.3