Simple Local Avatars

Vulnerabilities 5Slug simple-local-avatarsLatest version 2.8.6WordPress.org →

Minimum safe version

2.8.5

Update to 2.8.5 or later to address 5 fixable vulnerabilities

Latest available2.8.6 ✓

Medium 4.3

2025-08-12< 2.8.5

WordPress Simple Local Avatars Plugin <= 2.8.4 is vulnerable to Broken Access Control

Medium 4.3

2024-11-16< 2.8.0

CVE-2024-10786

High 8.8

2024-08-26< 2.7.11

CVE-2024-43116

High 7.5

2023-02-23< 2.7.4

http-cache-semantics < 4.1.1 - Regular Expression Denial of Service (ReDoS)

Critical 9.8

2023-02-23< 2.7.4

simple-git < 3.16.0 - Remote Code Execution