Aggregates CVE and security vulnerability intelligence across all onedesigns-related products, including CVSS scores, EPSS percentages, and publication and update dates.
Common weakness patterns include cross-site scripting (XSS) and cross-site request forgery (CSRF), with session compromise as the potential impact, across software deployment and production workload use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-24675 | The One User Avatar WordPress plugin before 2.3.7 does not check for CSRF when updating the avatar in pages where the [avatar_upload] shortcode is embedded. As a result, attackers could make a logged-in user change their avatar via a CSRF attack. | [email protected] | 6.5 | 0.55% | 2021-10-18 | 2026-06-16 |
| CVE-2021-24672 | The One User Avatar WordPress plugin before 2.3.7 does not escape the link and target attributes of its shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks | [email protected] | 5.4 | 0.63% | 2021-10-18 | 2026-06-16 |
| CVE-2011-3860 | Cross-site scripting (XSS) vulnerability in the Cover WP theme before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | [email protected] | 4.3 | 3.41% | 2011-09-28 | 2026-06-16 |