CVE-2023-6384 Information

Description

The WP User Profile Avatar WordPress plugin before 1.0.1 does not properly check for authorisation allowing authors to delete and update arbitrary avatar

Reference

https://wpscan.com/vulnerability/fbdefab4-614b-493b-a9ae-c5aeff8323ef/