
6 matches found

Vulnrichment
added 2026/05/28 6:45 a.m., 12 views

CVE-2026-7651 User Registration & Membership <= 5.1.5 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Media Deletion via 'profile-pic-url' Parameter

The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.5. This is due to missing...

CVSS 5.3, AI score 5.9, EPSS 0.0035
Exploits: 0, References: 5
Cvelist
added 2026/05/15 9:46 p.m., 35 views

CVE-2026-45338 Open WebUI: SSRF via OAuth Profile Picture URL in _process_picture_url (oauth.py)

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, a Server-Side Request Forgery (SSRF) vulnerability exists in _process_picture_url in backend/openwebui/utils/oauth.py line 1338. The function fetches arbitrary URLs from OAuth picture...

CVSS 7.7, EPSS 0.00381
Exploits: 1, References: 1
CVE
added 2026/05/15 9:44 p.m., 22 views

CVE-2026-45299

Open WebUI had a stored XSS vulnerability in the profile_image_url field on the user profile update form prior to version 0.8.0, due to lack of MIME-type validation for data URIs. Two attack paths were demonstrated: (1) data:text/html;base64… opened in a new tab, and (2) data:image/svg+xml;base64...

CVSS 5.4, AI score 5.9, EPSS 0.00199
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2021/10/04 12:15 p.m., 3 views

CVE-2021-24654

The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted directly via the user_registration_update_profile_details AJAX action. This could allow any authenticated user, such as a subscriber, to perform Stored Cross-Site attack...

CVSS 5.4, AI score 5.8, EPSS 0.006
Exploits: 3, References: 1
Prion
added 2021/10/04 12:15 p.m., 12 views

Cross site scripting

The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted directly via the user_registration_update_profile_details AJAX action. This could allow any authenticated user, such as a subscriber, to perform Stored Cross-Site attack...

CVSS 3.5, AI score 5.3, EPSS 0.006
Exploits: 3, References: 1, Affected Software: 1
VulnCheck KEV
added 2021/09/06 12:00 a.m., 6 views

VulnCheck KEV: CVE-2021-24654

The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted directly via the user_registration_update_profile_details AJAX action. This could allow any authenticated user, such as a subscriber, to perform Stored...

CVSS 5.4, AI score 6, EPSS 0.006
Exploits: 3, References: 1