CVE-2021-24170 - OpenCVE

The REST API endpoint get_users in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the upload_files capability. This included password hashes, hashed user activation keys, usernames, emails, and other less sensitive information.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cozmoslabs	User Profile Picture

Configuration 1 [-]

cpe:2.3:a:cozmoslabs:user_profile_picture:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://wpscan.com/vulnerability/29fc5b0e-0a5f-4484-a1e6-a0a1206726cc
https://www.wordfence.com/blog/2021/03/medium-severity-vulnerability-patched-in-user-profile-picture-plugin/

History

No history.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2021-04-05T18:27:44

Updated: 2024-08-03T19:21:18.636Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24170

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-04-05T19:15:15.797

Modified: 2021-04-09T19:34:59.337

Link: CVE-2021-24170

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "User Profile Picture", "vendor": "Unknown", "versions": [{"lessThan": "2.5.0", "status": "affected", "version": "2.5.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Chloe Chamberland"}], "descriptions": [{"lang": "en", "value": "The REST API endpoint get_users in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the upload_files capability. This included password hashes, hashed user activation keys, usernames, emails, and other less sensitive information."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Information Exposure", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-04-05T18:27:44", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://wpscan.com/vulnerability/29fc5b0e-0a5f-4484-a1e6-a0a1206726cc"}, {"tags": ["x_refsource_MISC"], "url": "https://www.wordfence.com/blog/2021/03/medium-severity-vulnerability-patched-in-user-profile-picture-plugin/"}], "source": {"discovery": "UNKNOWN"}, "title": "User Profile Picture < 2.5.0 - Sensitive Information Disclosure", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24170", "STATE": "PUBLIC", "TITLE": "User Profile Picture < 2.5.0 - Sensitive Information Disclosure"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "User Profile Picture", "version": {"version_data": [{"version_affected": "<", "version_name": "2.5.0", "version_value": "2.5.0"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Chloe Chamberland"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The REST API endpoint get_users in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the upload_files capability. This included password hashes, hashed user activation keys, usernames, emails, and other less sensitive information."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200 Information Exposure"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/29fc5b0e-0a5f-4484-a1e6-a0a1206726cc", "refsource": "CONFIRM", "url": "https://wpscan.com/vulnerability/29fc5b0e-0a5f-4484-a1e6-a0a1206726cc"}, {"name": "https://www.wordfence.com/blog/2021/03/medium-severity-vulnerability-patched-in-user-profile-picture-plugin/", "refsource": "MISC", "url": "https://www.wordfence.com/blog/2021/03/medium-severity-vulnerability-patched-in-user-profile-picture-plugin/"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:21:18.636Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://wpscan.com/vulnerability/29fc5b0e-0a5f-4484-a1e6-a0a1206726cc"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.wordfence.com/blog/2021/03/medium-severity-vulnerability-patched-in-user-profile-picture-plugin/"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24170", "datePublished": "2021-04-05T18:27:44", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2024-08-03T19:21:18.636Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cozmoslabs:user_profile_picture:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "73606509-3C7C-402D-9043-A9997FA8BC16", "versionEndExcluding": "2.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The REST API endpoint get_users in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the upload_files capability. This included password hashes, hashed user activation keys, usernames, emails, and other less sensitive information."}, {"lang": "es", "value": "El endpoint de la API REST get_users en el plugin de WordPress User Profile Picture versiones anteriores a 2.5.0, devolvi\u00f3 m\u00e1s informaci\u00f3n de la necesaria para su funcionalidad a usuarios con la capacidad upload_files. Esto inclu\u00eda hash de contrase\u00f1a, claves de activaci\u00f3n de usuario con hash, nombres de usuario, correos electr\u00f3nicos y otra informaci\u00f3n menos confidencial"}], "id": "CVE-2021-24170", "lastModified": "2021-04-09T19:34:59.337", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-05T19:15:15.797", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/29fc5b0e-0a5f-4484-a1e6-a0a1206726cc"}, {"source": "contact@wpscan.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/blog/2021/03/medium-severity-vulnerability-patched-in-user-profile-picture-plugin/"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "contact@wpscan.com", "type": "Secondary"}]}