WordPress Plugin Vulnerabilities

User Avatar 1.3.7 - shell upload

Description

The User Avatar WordPress plugin was affected by a shell upload security vulnerability.

Affects Plugins

Plugin icon
user-avatar
Fixed in 1.4

References

Exploitdb
17872

Miscellaneous

Verified
No
WPVDB ID
e192a584-ddb7-4bac-8b49-30914eb631a1

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2022-10-05
Title
Create Block Theme < 1.2.2 - Unauthenticated Arbitrary File Upload
Published
2025-10-15
Title
Blogmatic < 1.0.4 - Authenticated (Subscriber+) Arbitrary File Upload
Published
2024-10-17
Title
WP Dropbox Dropins <= 1.0 - Unauthenticated Arbitrary File Upload
Published
2026-01-27
Title
AI Engine < 3.3.3 - Editor+ Arbitrary File Upload
Published
2025-10-23
Title
WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Upload