WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. WordPress WPQAs plugin versions prior to 5.2 are vulnerable to an authorization issue that stems from a failure to verify that the value of the image_id parameter of wpqa_remove_image passed to the ajax operation belongs to the requesting user. id parameter value passed to the ajax operation belongs to the requesting user. An attacker could use this vulnerability to remove any other userβs profile image.