63 matches found
CVE-2020-23837
A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin or other users after an authenticated admin visits a third-party site or clicks on a URL...
WordPress Upload Quota per User plugin <= 1.3 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Nabil Irawan in WordPress Plugin Upload Quota per User (versions <= 1.3)...
CVE-2024-6624
The JSON API User plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.9.3. This is due to improper controls on custom user meta fields. This makes it possible for unauthenticated attackers to register as administrators on the site. The plugin require...
CVE-2025-23581 WordPress Demo User DZS plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Zoom Studio Demo User DZS allows Stored XSS. This issue affects Demo User DZS: from n/a through 1.1.0...
WordPress WP-Ban-User plugin <= 1.0 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin WP-Ban-User (versions <= 1.0)...
CVE-2024-7607
The Front End Users plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 3.2.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...
WordPress Active User Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)
Software: Active User; Type: Plugin; Vulnerable versions: <= 1.0.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 168aede3d371; Credits: Rafie Muhammad (Patchstack); Required...
CVE-2023-27890
The Export User plugin through 2.0 for MyBB allows XSS during the process of an admin generating DSGVO data for a user, via the Custom User Title, Location, or Bio field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
Cross site scripting
UNSUPPORTED WHEN ASSIGNED: The Export User plugin through 2.0 for MyBB allows XSS during the process of an admin generating DSGVO data for a user, via the Custom User Title, Location, or Bio field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
PT-2023-21397 · Mybb · Export User Plugin
Name of the Vulnerable Software and Affected Versions: Export User plugin through 2.0 for MyBB. Description: The issue allows XSS during the process of an admin generating DSGVO data for a user, via the Custom User Title, Location, or Bio field. This affects products that are no longer supported b...
MyBB Cross-Site Scripting Vulnerability
MyBB (MyBulletinBoard) is free, web-based forum software developed by the MyBB team using PHP and MySQL. The software is easy to use, supports multiple languages, and is scalable. A security vulnerability exists in the MyBB Export User plugin version 2.0 and prior versions, which stems from a...
WordPress Custom Add User Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)
Software: Custom Add User; Type: Plugin; Vulnerable versions: <= 2.0.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-0043; Patch priority: High; CVSS severity: High (7.1); PSID: c948921589af; Credits: Shreya Pohekar; Required...
CVE-2023-0043 Custom Add User <= 2.0.2 - Reflected Cross-Site Scripting
The Custom Add User WordPress plugin through 2.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2022-4049 WP User <= 7.0 - Unauthenticated SQLi
The WP User WordPress plugin through 7.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...
CVE-2022-4519
The WP User plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
Cross site scripting
The WP User plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...