Vulnerability Database

313,825

Total vulnerabilities in the database

CVE-2011-1950

plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.

Published: Jun 6, 2011
Updated: Nov 9, 2025
CVE: CVE-2011-1950
GHSA: GHSA-2qx8-589j-gcpx
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.5
AV:N/AC:L/Au:S/C:N/I:P/A:P

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
plone / plone	4.1	4.1.x
plone / plone	4.0	4.0.x
plone.app.users	1.0a1	1.0.5
plone.app.users	1.1b1	1.1.1
plone	4.0.1	4.0.6

http://osvdb.org/72729
http://plone.org/products/plone/security/advisories/CVE-2011-1950
http://secunia.com/advisories/44775
http://securityreason.com/securityalert/8269
http://www.securityfocus.com/archive/1/518155/100/0/threaded
http://www.securityfocus.com/bid/48005
https://exchange.xforce.ibmcloud.com/vulnerabilities/67695

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo