CVE-2025-8482 – WordPress Simple Local Avatars Unauthenticated Data Modification Vulnerability

CVE ID : CVE-2025-8482

Published : Aug. 12, 2025, 7:15 a.m. | 29 minutes ago

Description : The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of data in version 2.8.4. This is due to a missing capability check on the migrate_from_wp_user_avatar() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to migrate avatar metadata for all users.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…