Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-jvwn-yw13-gfe9
Vulnerability ID VCID-jvwn-yw13-gfe9
Aliases CVE-2011-1950
GHSA-2qx8-589j-gcpx
PYSEC-2011-16
Summary plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
There are no known severity scores.
Reference id Reference type URL
http://osvdb.org/72729
http://plone.org/products/plone/security/advisories/CVE-2011-1950
http://secunia.com/advisories/44775
http://securityreason.com/securityalert/8269
https://exchange.xforce.ibmcloud.com/vulnerabilities/67695
https://github.com/advisories/GHSA-2qx8-589j-gcpx
https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2011-16.yaml
http://www.securityfocus.com/archive/1/518155/100/0/threaded
http://www.securityfocus.com/bid/48005
CVE-2011-1950 https://nvd.nist.gov/vuln/detail/CVE-2011-1950
No exploits are available.
There are no known vectors.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-02T04:03:12.884102+00:00 Pypa Importer Import https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2011-16.yaml 38.6.0