cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2021-24675,https://securityvulnerability.io/vulnerability/CVE-2021-24675,One User Avatar < 2.3.7 - Avatar Update via CSRF,"The One User Avatar WordPress plugin before 2.3.7 does not check for CSRF when updating the Avatar in page where the [avatar_upload] shortcode is embed. As a result, attackers could make logged in user change their avatar via a CSRF attack",Wordpress,One User Avatar | User Profile Picture,6.5,MEDIUM,0.0006099999882280827,false,,false,false,false,,false,false,2021-10-18T13:45:55.000Z,0
CVE-2021-24672,https://securityvulnerability.io/vulnerability/CVE-2021-24672,One User Avatar < 2.3.7 - Contributor+ Stored Cross-Site Scripting,"The One User Avatar WordPress plugin before 2.3.7 does not escape the link and target attributes of its shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks",Wordpress,One User Avatar | User Profile Picture,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-10-18T13:45:53.000Z,0