Remove anyone's pic Gravatar

Disclosed: 2016-06-05 05:42:50 By akshyy To automattic
Vulnerability Details
Hi,

There is no CSRF token while removing an image. An attacker can delete a victim's Gravatar image just by sending a link.

PoC: https://en.gravatar.com/emails/remove-userimage/you_email_image_id here

Thanks :)
Report Stats
  • Report ID: 101145
  • State: Closed
  • Substate: resolved
  • Upvotes: 2
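
The class of check whose absence the report describes, as an added example (not Gravatar's or Automattic's code): a remove-image handler that refuses plain-link (GET) requests and requires a CSRF token bound to the session and the specific action. The handler name, the `csrf_token` form field, the action string, and the in-memory image store are all hypothetical.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed per-process secret for this example; a real service loads a stable key from config.
SERVER_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id: str, action: str) -> str:
    """Token bound to one session and one action, so it cannot be replayed elsewhere."""
    msg = f"{session_id}|{action}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def csrf_token_valid(session_id: str, action: str, token: Optional[str]) -> bool:
    if not token:
        return False
    expected = issue_csrf_token(session_id, action)
    # Constant-time comparison so the expected value is not leaked through timing.
    return hmac.compare_digest(expected.encode(), str(token).encode())


def handle_remove_image(method: str, session_id: str, image_id: str,
                        form: dict, images: dict) -> int:
    """Hypothetical handler. `images` maps image id -> owning session. Returns an HTTP status."""
    # A state-changing action must not be triggerable by following a link.
    if method != "POST":
        return 405
    action = f"remove-userimage:{image_id}"
    if not csrf_token_valid(session_id, action, form.get("csrf_token")):
        return 403
    # Only the owner's session may delete the image.
    if images.get(image_id) != session_id:
        return 404
    del images[image_id]
    return 200


if __name__ == "__main__":
    store = {"img1": "sess-victim"}  # constructed sample data
    print(handle_remove_image("GET", "sess-victim", "img1", {}, store))   # link click: rejected
    good = {"csrf_token": issue_csrf_token("sess-victim", "remove-userimage:img1")}
    print(handle_remove_image("POST", "sess-victim", "img1", good, store))  # owner's own form
```
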