Vulnerabilities > Onedesigns
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-18 | CVE-2021-24672 | Cross-site Scripting vulnerability in Onedesigns ONE User Avatar. The One User Avatar WordPress plugin before 2.3.7 does not escape the link and target attributes of its shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. | 3.5 |
2021-10-18 | CVE-2021-24675 | Cross-Site Request Forgery (CSRF) vulnerability in Onedesigns ONE User Avatar. The One User Avatar WordPress plugin before 2.3.7 does not check for CSRF when updating the avatar on a page where the [avatar_upload] shortcode is embedded. | 4.3 |