S4E

CVE-2021-24170 Scanner

CVE-2021-24170 Scanner - Information Disclosure vulnerability in User Profile Picture

Short Info

Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 24 days 3 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -

The User Profile Picture plugin by Cozmoslabs is commonly used in WordPress environments to enhance user profiles by allowing users to add or modify profile images. It is favored by website administrators for its ease of integration and customization options within the WordPress framework. The plugin is typically used in a wide range of websites ranging from personal blogs to large corporate websites to provide an enhanced user interface.

This vulnerability is an Information Disclosure issue in the User Profile Picture plugin for WordPress. A REST API endpoint intended to support profile image management returned sensitive user data, including password hashes and email addresses, to any authenticated user holding the 'upload_files' capability, even though such users are not authorized to see that data. This flaw can lead to significant security risks if exploited by malicious attackers.

Technically, the vulnerability arises from improper access control: the plugin's REST API endpoint /mpp/v2/get_users is guarded only by an overly permissive capability check, so its response discloses confidential user details to callers who should not receive them. The issue affects installations prior to version 2.5.0, where requests to this endpoint are served without stringent access checks.
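The following is an added illustration written for this page, not the User Profile Picture plugin's own code or its actual fix. It shows the class of weakness described above in WordPress terms: a REST route whose permission_callback only requires the low-privilege 'upload_files' capability and whose handler returns whole WP_User objects (which serialise their internal data, including user_pass, user_email and user_activation_key), next to a hardened registration that requires a user-management capability and returns only the public fields a profile-picture UI needs. The route namespace and path follow the page; the callback function names are assumptions.

```php
<?php
// Added illustration (not the plugin's own code). Both route definitions are
// shown for contrast; only the hardened one is registered below.

// --- Weak pattern: gate on a capability that Authors and above already hold,
// and return raw WP_User objects. When serialised into the REST response, a
// WP_User exposes its ->data object, which carries the password hash
// (user_pass), the e-mail address and the activation key.
function illustrative_weak_get_users( WP_REST_Request $request ) {
    return rest_ensure_response( get_users( array( 'number' => 100 ) ) );
}

$illustrative_weak_route_args = array(
    'methods'             => WP_REST_Server::READABLE,
    'callback'            => 'illustrative_weak_get_users',
    'permission_callback' => function () {
        // Far too broad for an account-enumeration endpoint.
        return current_user_can( 'upload_files' );
    },
);

// --- Hardened pattern: require a capability that actually implies the right
// to enumerate accounts, and hand back an explicit allow-list of fields.
function illustrative_safe_get_users( WP_REST_Request $request ) {
    $out   = array();
    $users = get_users( array(
        'number' => 100,
        'fields' => array( 'ID', 'display_name' ), // only these columns are fetched
    ) );
    foreach ( $users as $u ) {
        $out[] = array(
            'id'     => (int) $u->ID,
            'name'   => $u->display_name,
            'avatar' => get_avatar_url( (int) $u->ID ),
        );
    }
    return rest_ensure_response( $out );
}

$illustrative_safe_route_args = array(
    'methods'             => WP_REST_Server::READABLE,
    'callback'            => 'illustrative_safe_get_users',
    'permission_callback' => function () {
        // 'list_users' is held by Administrators, not by ordinary Authors.
        return current_user_can( 'list_users' );
    },
);

add_action( 'rest_api_init', function () use ( $illustrative_safe_route_args ) {
    register_rest_route( 'mpp/v2', '/get_users', $illustrative_safe_route_args );
} );
```

Two independent controls are at work in the hardened form: the permission_callback decides who may call the route at all, and the handler decides what is returned. Fixing only the capability check would still leave password hashes in the response for anyone who does pass it, so a review of endpoints like this should look at both the gate and the serialised shape of the data.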

Exploiting this vulnerability could lead to significant security issues. Attackers who obtain sensitive information such as password hashes or user activation keys might perform further attacks such as brute-force attempts or unauthorized impersonation. Affected systems could thus be leveraged for data theft, leading to potential reputational damage and loss of user trust.
