23 matches found
EUVD-2024-49982
Malicious code in bioql PyPI...
EUVD-2024-49983
Malicious code in bioql PyPI...
EUVD-2024-49981
Malicious code in bioql PyPI...
CVE-2024-9520
The UserPlus plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.0. This makes it possible for authenticated attackers with subscriber-level permissions or above, ...
CVE-2024-9518
The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile' functions. This makes it possible for unauthenticated attackers to specify their user role by supplyin...
CVE-2024-9519
The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'save_metabox_form' function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, with editor-level permissions or above, to update t...
CVE-2024-52442 WordPress UserPlus plugin <= 2.0 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in userplus UserPlus userplus allows Privilege Escalation. This issue affects UserPlus: from n/a through <= 2.0...
WordPress UserPlus plugin <= 2.0 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance) in WordPress Plugin UserPlus versions <= 2.0...
WordPress UserPlus Plugin <= 2.0 is vulnerable to Privilege Escalation
Software: UserPlus; Type: Plugin; Vulnerable versions: <= 2.0; Fixed in: N/A; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-52442; Patch priority: High; CVSS severity: High 9.8; PSID: 1a20cf86d1cd; Credits: João Pedro S...
WordPress UserPlus plugin <= 2.0 - Authenticated (Editor+) Registration Form Update to Privilege Escalation vulnerability
Authenticated (Editor+) Registration Form Update to Privilege Escalation vulnerability discovered by István Márton in WordPress Plugin UserPlus versions <= 2.0...
CVE-2024-9519
The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'save_metabox_form' function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, with editor-level permissions or above, to update t...
CVE-2024-9519
The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'save_metabox_form' function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, with editor-level permissions or above, to update t...
CVE-2024-9518 UserPlus <= 2.0 - Unauthenticated Privilege Escalation
The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile' functions. This makes it possible for unauthenticated attackers to specify their user role by supplyin...
CVE-2024-9518
CVE-2024-9518 affects the WordPress plugin UserPlus (versions up to 2.0). The issue is unauthenticated privilege escalation caused by insufficient restriction on the functions form_actions and userplus_update_user_profile, allowing an attacker to specify a higher user role via the role parameter ...
CVE-2024-9519
CVE-2024-9519 affects the WordPress plugin UserPlus (versions up to 2.0). Root cause: an improper capability check in the function save_metabox_form. Impact: authenticated attackers with Editor+ permissions can update the registration form role to Administrator, causing privilege escalation and...
CVE-2024-9519 UserPlus <= 2.0 - Authenticated (Editor+) Registration Form Update to Privilege Escalation
The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'save_metabox_form' function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, with editor-level permissions or above, to update t...
WordPress UserPlus Plugin <= 2.0 is vulnerable to Privilege Escalation
Software: UserPlus; Type: Plugin; Vulnerable versions: <= 2.0; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2024-9519; Patch priority: Medium; CVSS severity: Medium 7.2; PSID: 64930a4c20d0; Credits: István Márton; Required privilege...
WordPress plugin UserPlus security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress plugin UserPlus security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
PT-2024-39674 · WordPress · Userplus
Name of the Vulnerable Software and Affected Versions: UserPlus plugin for WordPress versions prior to 2.1. Description: The UserPlus plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions. This makes it...