Lucene search
+L

11 matches found

EUVD
EUVD
added 2 days ago7 views

EUVD-2026-44875

The Redux Framework WordPress plugin before 4.5.13 does not restrict which user meta keys can be written when saving custom profile fields, allowing users with at least the Subscriber role to escalate their privileges to Administrator by submitting a crafted value while updating their own profile...

8.8CVSS6.1AI score0.00237EPSS
Exploits0References1
CVE
CVE
added 2 days ago11 views

CVE-2026-12525

CVE-2026-12525 affects the Redux Framework WordPress plugin prior to 4.5.13. The vulnerability arises because the plugin does not restrict which user_meta keys can be written when saving custom profile fields, enabling users with at least the Subscriber role to escalate to Administrator while upd...

8.8CVSS6.1AI score0.00237EPSS
Exploits0References1
NVD
NVD
added 2026/01/24 9:15 a.m.12 views

CVE-2025-15516

The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxcallbackstoreusermeta function in versions 4.1.0 to 4.6.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

4.3CVSS0.00161EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/24 8:26 a.m.3 views

CVE-2025-15516 All-in-One Video Gallery 4.1.0 - 4.6.4 - Missing Authorization to Authenticated (Subscriber+) Limited User Meta Update

The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxcallbackstoreusermeta function in versions 4.1.0 to 4.6.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

4.3CVSS6AI score0.00161EPSS
Exploits0References2
NVD
NVD
added 2025/12/13 4:16 p.m.5 views

CVE-2025-12512

The GenerateBlocks plugin for WordPress is vulnerable to information exposure due to missing object-level authorization checks in versions up to, and including, 2.1.2. This is due to the plugin registering multiple REST API routes under generateblocks/v1/meta/ that gate access with...

4.3CVSS0.00342EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2024-33434

Malicious code in bioql PyPI...

4.3CVSS8.6AI score0.00366EPSS
Exploits0References2
NVD
NVD
added 2024/11/23 4:15 a.m.31 views

CVE-2024-10537

The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the validateusermetakey function in all versions up to, and including, 2.9.11. This makes it possible for authenticated attackers, with...

4.3CVSS0.00366EPSS
Exploits0References2
OSV
OSV
added 2024/11/23 4:15 a.m.5 views

CVE-2024-10537

The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the validateusermetakey function in all versions up to, and including, 2.9.11. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.00366EPSS
Exploits0References2
CVE
CVE
added 2024/11/23 3:25 a.m.58 views

CVE-2024-10537

CVE-2024-10537: The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized data access due to a missing capability check in validate_user_meta_key() across versions up to and including 2.9.11. This allows authenticated attackers with Subscriber-leve...

4.3CVSS4.2AI score0.00366EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/11/23 3:25 a.m.35 views

CVE-2024-10537 WP User Manager – User Profile Builder & Membership <= 2.9.11 - Missing Authorization to Authenticated (Subscriber+) User Meta Key Enumeration

The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the validateusermetakey function in all versions up to, and including, 2.9.11. This makes it possible for authenticated attackers, with...

4.3CVSS0.00366EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/11/22 9:31 p.m.6 views

WordPress WP User Manager plugin <= 2.9.11 - Missing Authorization to Authenticated (Subscriber+) User Meta Key Enumeration vulnerability

Missing Authorization to Authenticated Subscriber+ User Meta Key Enumeration vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin WP User Manager versions = 2.9.11...

4.3CVSS7AI score0.00366EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder