Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
The REST API endpoint get_users in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the upload_files capability. This included password hashes, hashed user activation keys, usernames, emails, and other less sensitive information.
- https://wpscan.com/vulnerability/29fc5b0e-0a5f-4484-a1e6-a0a1206726cc
- https://github.com/20142995/nuclei-templates
- https://github.com/ARPSyndicate/cve-scores