CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The UserPlus plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.0. This makes it possible for authenticated attackers with subscriber-level permissions or above, ...

6.3CVSS6.5AI score0.00114EPSS

Exploits0References1

RedhatCVE•added 2025/02/05 12:18 p.m.•3 views

CVE-2024-52442

Incorrect Privilege Assignment vulnerability in userplus UserPlus userplus allows Privilege Escalation.This issue affects UserPlus: from n/a through = 2.0...

9.8CVSS7.2AI score0.00197EPSS

Exploits0References1

RedhatCVE•added 2025/02/05 4:43 a.m.•5 views

CVE-2024-9518

The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'formactions' and 'userplusupdateuserprofile' functions. This makes it possible for unauthenticated attackers to specify their user role by supplyin...

9.8CVSS7.1AI score0.00955EPSS

Exploits0References1

RedhatCVE•added 2025/02/05 4:18 a.m.•3 views

CVE-2024-9519

The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'savemetaboxform' function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, with editor-level permissions or above, to update t...

7.2CVSS6.6AI score0.0023EPSS

Exploits0References1

NVD•added 2024/11/20 12:15 p.m.•12 views

CVE-2024-52442

Incorrect Privilege Assignment vulnerability in userplus UserPlus userplus allows Privilege Escalation.This issue affects UserPlus: from n/a through = 2.0...

9.8CVSS0.00197EPSS

Exploits0References1

CVE•added 2024/11/20 11:56 a.m.•52 views

CVE-2024-52442

CVE-2024-52442 describes an Incorrect Privilege Assignment vulnerability in the WordPress plugin UserPlus (User registration & user profile – UserPlus) that allows Privilege Escalation. The entry covers versions n/a through 2.0. The CVSS v3.1 base score is 9.8 (CRITICAL) with network attack vecto...

9.8CVSS7.2AI score0.00197EPSS

Exploits0References1

Vulnrichment•added 2024/11/20 11:56 a.m.•13 views

CVE-2024-52442 WordPress UserPlus plugin <= 2.0 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in userplus UserPlus userplus allows Privilege Escalation.This issue affects UserPlus: from n/a through = 2.0...

9.8CVSS7.2AI score0.00197EPSS

Exploits0References1

Cvelist•added 2024/11/20 11:56 a.m.•16 views

CVE-2024-52442 WordPress UserPlus plugin <= 2.0 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in userplus UserPlus userplus allows Privilege Escalation.This issue affects UserPlus: from n/a through = 2.0...

9.8CVSS0.00197EPSS

Exploits0References1

Positive Technologies•added 2024/11/20 12:0 a.m.•1 views

PT-2024-35282 · Userplus · Userplus

Name of the Vulnerable Software and Affected Versions: UserPlus versions n/a through 2.0 Description: The issue is related to an Incorrect Privilege Assignment vulnerability in UserPlus, which allows Privilege Escalation. Recommendations: For versions n/a through 2.0, update to a version that...

9.8CVSS9.4AI score0.00197EPSS

Exploits0References5

CNNVD•added 2024/11/20 12:0 a.m.•1 views

WordPress plugin UserPlus 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

9.8CVSS8.2AI score0.00197EPSS

Exploits0References1

Patchstack•added 2024/11/18 8:57 a.m.•2 views

WordPress UserPlus plugin <= 2.0 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin UserPlus versions = 2.0...

9.8CVSS7AI score0.00197EPSS

Exploits0Affected Software1

Patchstack•added 2024/11/18 12:0 a.m.•15 views

WordPress UserPlus Plugin <= 2.0 is vulnerable to Privilege Escalation

Software UserPlus Type Plugin Vulnerable versions = 2.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-52442 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 1a20cf86d1cd Credits João Pedro S...

9.8CVSS6.6AI score0.00197EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/10/10 2:58 p.m.•3 views

WordPress UserPlus plugin <= 2.0 - Authenticated (Editor+) Registration Form Update to Privilege Escalation vulnerability

Authenticated Editor+ Registration Form Update to Privilege Escalation vulnerability discovered by István Márton in WordPress Plugin UserPlus versions = 2.0...

7.2CVSS7AI score0.0023EPSS

Exploits0References1Affected Software1

NVD•added 2024/10/10 3:15 a.m.•8 views

CVE-2024-9520

6.3CVSS0.00114EPSS

Exploits0References4