4.3 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): LOW
- Availability impact (A): NONE
WordPress Avatar plugin <= 0.1.4 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Scott Taylor Avatar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Avatar: from n/a through 0.1.4.
References
Affected products
- =<0.1.4
Matching in nixpkgs
pkgs.yunfaavatar
Utility for automatic centralized changing of avatar in Github, Discord, Steam, Shikimori, and many more
-
nixos-unstable -
- nixpkgs-unstable 0.2.0
pkgs.kdePackages.libgravatar
Library that provides Gravatar support
-
nixos-unstable -
- nixpkgs-unstable 25.08.1
pkgs.gnomeExtensions.gravatar
Synchronize GNOME Shell user icon with an avatar service, one of Gravatar or Libravatar.
-
nixos-unstable -
- nixpkgs-unstable 8
pkgs.haskellPackages.gravatar
Generate Gravatar image URLs
-
nixos-unstable -
- nixpkgs-unstable 0.8.1
pkgs.haskellPackages.libravatar
Use Libravatar, the decentralized avatar delivery service
-
nixos-unstable -
- nixpkgs-unstable 0.4.0.2
pkgs.rubyPackages.jekyll-avatar
None
-
nixos-unstable -
- nixpkgs-unstable 0.7.0
pkgs.python312Packages.libgravatar
Library that provides a Python 3 interface for the Gravatar API
-
nixos-unstable -
- nixpkgs-unstable 1.0.4
pkgs.python313Packages.libgravatar
Library that provides a Python 3 interface for the Gravatar API
-
nixos-unstable -
- nixpkgs-unstable 1.0.4
pkgs.rubyPackages_3_1.jekyll-avatar
None
-
nixos-unstable -
- nixpkgs-unstable 0.7.0
pkgs.rubyPackages_3_2.jekyll-avatar
None
-
nixos-unstable -
- nixpkgs-unstable 0.7.0
pkgs.rubyPackages_3_3.jekyll-avatar
None
-
nixos-unstable -
- nixpkgs-unstable 0.7.0
pkgs.rubyPackages_3_4.jekyll-avatar
None
-
nixos-unstable -
- nixpkgs-unstable 0.7.0
pkgs.python312Packages.flask-gravatar
Small and simple integration of gravatar into flask
-
nixos-unstable -
- nixpkgs-unstable 0.5.0
pkgs.python313Packages.flask-gravatar
Small and simple integration of gravatar into flask
-
nixos-unstable -
- nixpkgs-unstable 0.5.0
pkgs.python312Packages.django-gravatar2
Essential Gravatar support for Django
-
nixos-unstable -
- nixpkgs-unstable gravatar2-1.4.5
pkgs.python313Packages.django-gravatar2
Essential Gravatar support for Django
-
nixos-unstable -
- nixpkgs-unstable gravatar2-1.4.5
pkgs.perlPackages.MojoliciousPluginGravatar
Globally Recognized Avatars for Mojolicious
-
nixos-unstable -
- nixpkgs-unstable 0.04
pkgs.perl538Packages.MojoliciousPluginGravatar
Globally Recognized Avatars for Mojolicious
-
nixos-unstable -
- nixpkgs-unstable 0.04
pkgs.perl540Packages.MojoliciousPluginGravatar
Globally Recognized Avatars for Mojolicious
-
nixos-unstable -
- nixpkgs-unstable 0.04
-
nixos-unstable -
- nixpkgs-unstable 1.4.1
pkgs.gnomeExtensions.user-avatar-in-quick-settings
Display the user avatar in the Quick Settings menu, part of the "System" settings
-
nixos-unstable -
- nixpkgs-unstable 9
Package maintainers
-
@honnip Jung seungwoo <me@honnip.page>
-
@NickCao Nick Cao <nickcao@nichi.co>
-
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
-
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
-
@mjm Matt Moriarity <matt@mattmoriarity.com>
-
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
-
@K900 Ilya K. <me@0upti.me>
-
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
-
@stigtsp Stig Palmquist <stig@stig.io>
-
@gador Florian Brandes <florian.brandes@posteo.de>
-
@yunfachi Yunfachi <yunfachi@gmail.com>