Description
WordPress Plugin UsersWP-Front-end login form, User Registration, User Profile & Members Directory for WordPress is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently overwrite another users avatar. WordPress Plugin UsersWP-Front-end login form, User Registration, User Profile & Members Directory for WordPress version 1.2.3 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.2.3.1 or latest
References
Related Vulnerabilities
Jenkins Improper Handling of Inconsistent Structural Elements Vulnerability (CVE-2021-21640)
Apache Tomcat URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-41080)
WordPress 3.9.x Cross-Site Scripting Vulnerability (3.9 - 3.9.9)
WordPress Plugin Daily Inspiration Generator Open Redirect (2.0)
WordPress Plugin Viper's Video Quicktags Unspecified Vulnerability (6.4.4)