Vulnerabilities

CVE-2025-8482

by Fred · 12/08/2025

The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of data in version 2.8.4. This is due to a missing capability check on the migrate_from_wp_user_avatar() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to migrate avatar metadata for all users.

More information : https://plugins.trac.wordpress.org/browser/simple-local-avatars/tags/2.8.4/includes/class-simple-local-avatars.php#L123

Similar

Tags: Cybersecurity Alert