CNNVD-202508-1011 Information
CNNVD ID
CNNVD-202508-1011
Related CVE
- CNNVD Published: 2025-08-12
Description (Chinese)
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Simple Local Avatars 2.8.4版本存在安全漏洞,该漏洞源于缺少能力检查,可能导致未经授权的数据修改。
Description (English)
WordPress and WordPressplugin are products of WordPress. WordPress is a blog platform developed in the PHP language. The platform supports the installation of personal blogs on PHP and MySQL servers. WordPress plugin is an application plugin. There is a security loophole in version 2.8.4 of WordPress Plugin Simple Local Avatars, which stems from a lack of capacity to check and may lead to unauthorized data modifications.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
WordPress
Published
2025-08-12
Last Modified
2026-02-24
References
https://plugins.trac.wordpress.org/browser/simple-local-avatars/tags/2.8.4/includes/class-simple-local-avatars.php#L123 https://plugins.trac.wordpress.org/browser/simple-local-avatars/tags/2.8.4/includes/class-simple-local-avatars.php?marks=1663-1672#L1663 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3340223%40simple-local-avatars&new=3340223%40simple-local-avatars&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/69d78334-2b38-43ee-acf6-c073d5826213?source=cve
Patch
https://wordpress.org/plugins/simple-local-avatars/
Share on: