Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total2

Critical0

High0

Medium2

Search Severity Year Type Sort Order

Reset

Showing 1-2 of 2 records

Threat Entry Updated 2025-08-12

CVE-2025-8482 - Simple Local Avatars Plugin

The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of data in version 2.8.4. This is due to a missing capability check on the migrate_from_wp_user_avatar() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to migrate avatar metadata for all users.

PLUGIN Simple Local Avatars

CVE-2025-8482

MEDIUM CVSS 4.3 2025-08-12

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-18

CVE-2024-10786 - Simple Local Avatars Plugin

The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of datadue to a missing capability check on the sla_clear_user_cache function in all versions up to, and including, 2.7.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear user caches.

PLUGIN Simple Local Avatars

CVE-2024-10786

MEDIUM CVSS 4.3 2024-11-16

Risk Score

Open Full Technical Breakdown

Blog

"Prevention is cheaper than a breach"

Threat Database

CVE-2025-8482 - Simple Local Avatars Plugin

CVE-2024-10786 - Simple Local Avatars Plugin

Company Links

Contact Us