EUVD-2026-20043

The Users manager – PN plugin for WordPress is vulnerable to Privilege Escalation via Arbitrary User Meta Update in all versions up to and including 1.1.15. This is due to a flawed authorization logic check in the userspnajaxnoprivserver function within the 'userspnformsave' case. The conditional...

CVE-2026-4003 Users manager – PN <= 1.1.15 - Unauthenticated Privilege Escalation via Account Takeover via 'userspn_form_save' AJAX Action

The Users manager – PN plugin for WordPress is vulnerable to Privilege Escalation via Arbitrary User Meta Update in all versions up to and including 1.1.15. This is due to a flawed authorization logic check in the userspnajaxnoprivserver function within the 'userspnformsave' case. The conditional...

CVE-2025-15027

The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user meta through the 'jayloginregisterajaxcreatefinaluser' function. This makes it possible for...

CVE-2025-15100

The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user meta through the 'jaypanelajaxupdateprofile' function. This makes it possible for authenticated...

CVE-2025-15027

The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user meta through the 'jayloginregisterajaxcreatefinaluser' function. This makes it possible for...

CVE-2025-15516 All-in-One Video Gallery 4.1.0 - 4.6.4 - Missing Authorization to Authenticated (Subscriber+) Limited User Meta Update

The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxcallbackstoreusermeta function in versions 4.1.0 to 4.6.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

CVE-2025-13383

CVE-2025-13383 concerns the WordPress plugin “Job Board by BestWebSoft.” The issue is a stored XSS caused by unsafely storing the entire GET array via update_user_meta() and later outputting it without proper escaping, enabling unauthenticated attackers to inject scripts when users view saved sea...

WordPress plugin Social Streams 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2025-4315

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.23. This is due to the plugin allowing a user to update arbitrary user meta through the updateusermeta function. This makes it possible for...

PT-2024-37805 · WordPress · Fundengine

Name of the Vulnerable Software and Affected Versions: FundEngine plugin for WordPress versions up to, and including, 1.7.0 Description: The issue is due to the plugin not properly verifying user meta updated through the update user meta function. This allows authenticated attackers, with...

CVE-2020-36666

The directory-pro WordPress plugin before 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin before 1.2.2, producer-retailer WordPress plugin through TODO, photographer-directory WordPress plugin before 1.0.9, real-estate-pro WordPress plugin before 1.7.1, institutions-directory WordPre...

PT-2023-11833 · E Plugins · Final-User-Wp-Frontend-User-Profiles +9

Name of the Vulnerable Software and Affected Versions: directory-pro WordPress plugin versions prior to 1.9.5 final-user-wp-frontend-user-profiles WordPress plugin versions prior to 1.2.2 photographer-directory WordPress plugin versions prior to 1.0.9 real-estate-pro WordPress plugin versions pri...

WordPress Plugin User Meta Manager 3.4.6 - Privilege Escalation

WordPress Plugin User Meta Manager 3.4.6 - Privilege Escalation Exploit Title: WordPress User Meta Manager Plugin Privilege Escalation Discovery Date: 2015/12/28 Public Disclosure Date: 2016/02/04 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage:...