On February 15, 2021, our Threat Intelligence team initiated the responsible disclosure process for a vulnerability that we discovered in User Profile Picture, a WordPress plugin installed on over 60,000 sites. The vulnerability made it possible for authenticated users with the upload_files capability to obtain sensitive user information. We initially reached out to Cozmoslabs, the … Continue reading Medium Severity Vulnerability Patched in User Profile Picture Plugin