Medium security vulnerability fixed in User Profile Picture plugin

On the 15th February 2021, Wordfence discovered a medium-severity security vulnerability in the User Profile Picture plugin. The WordPress plugin has been installed on over 60,000 sites. If left unpatched, the vulnerability makes it possible for authenticated users with the upload_files capability to obtain sensitive user information. A patch was released on February 18, 2021. It is highly recommended to update the plugin to version 2.5.0 immediately.

Description: Sensitive Information Disclosure
Affected Plugin: User Profile Picture
Plugin Slug: metronet-profile-picture
Affected Versions: <= 2.4.0
CVE ID: CVE-2021-24170
CVSS Score: 6.5 (Medium)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Fully Patched Version: 2.5.0
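
A version audit built from the affected and patched versions listed above (an added example, not code from Wordfence or the plugin's authors). It assumes the plugin sits under wp-content/plugins/metronet-profile-picture, that a top-level PHP file there carries the standard WordPress "Version:" header, and that GNU sort -V is available; the function names are illustrative.

```shell
#!/usr/bin/env bash
# Audit WordPress site roots for User Profile Picture <= 2.4.0 (CVE-2021-24170).
# Usage: ./audit.sh /var/www/site1 /var/www/site2   (paths are examples)

SLUG="metronet-profile-picture"   # plugin slug from the advisory
FIXED="2.5.0"                     # fully patched version from the advisory

# version_lt A B: succeeds when version A is strictly older than version B.
version_lt() {
  [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# plugin_version SITE_ROOT: prints the value of the plugin's "Version:" header,
# or nothing when no top-level PHP file in the plugin directory has one.
plugin_version() {
  local dir="$1/wp-content/plugins/$SLUG"
  [ -d "$dir" ] || return 0
  grep -hiE '^[[:space:]*]*Version:' "$dir"/*.php 2>/dev/null \
    | head -n1 | sed -E 's/^[^:]*:[[:space:]]*//; s/[[:space:]]+$//'
}

# classify_site SITE_ROOT: prints NOT_INSTALLED, UNKNOWN,
# "VULNERABLE <version>" or "PATCHED <version>".
classify_site() {
  local v
  if [ ! -d "$1/wp-content/plugins/$SLUG" ]; then
    echo "NOT_INSTALLED"
    return 0
  fi
  v="$(plugin_version "$1")"
  if [ -z "$v" ]; then
    echo "UNKNOWN"            # directory present but no readable header
  elif version_lt "$v" "$FIXED"; then
    echo "VULNERABLE $v"      # anything older than 2.5.0 is affected
  else
    echo "PATCHED $v"
  fi
}

# audit SITE_ROOT...: one tab-separated result line per site root.
audit() {
  local site
  for site in "$@"; do
    printf '%s\t%s\n' "$site" "$(classify_site "$site")"
  done
}

if [ "$#" -gt 0 ]; then audit "$@"; fi
```

An UNKNOWN result means the plugin directory exists but its version could not be read, so check that site by hand.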

To stop issues like this, Hosted WP suggests looking at a service like our WordPress Maintenance services to ensure you are always updated and protected from plugin security issues.

Full technical details can be found at https://www.wordfence.com/blog/2021/03/medium-severity-vulnerability-patched-in-user-profile-picture-plugin/
