
46 matches found

NVD
added 2024/10/10 2:15 a.m. · 9 views

CVE-2024-9519

The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'save_metabox_form' function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, with editor-level permissions or above, to update t...

CVSS 7.2 · EPSS 0.0023
Exploits 0 · References 2
NVD
added 2024/10/10 2:15 a.m. · 15 views

CVE-2024-9518

The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile' functions. This makes it possible for unauthenticated attackers to specify their user role by supplyin...

CVSS 9.8 · EPSS 0.00955
Exploits 0 · References 2
OSV
added 2024/10/10 2:15 a.m. · 2 views

CVE-2024-9518

The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile' functions. This makes it possible for unauthenticated attackers to specify their user role by supplyin...

CVSS 9.8 · AI score 5.8 · EPSS 0.00955
Exploits 0 · References 2
OSV
added 2024/10/10 2:15 a.m. · 1 views

CVE-2024-9519

The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'save_metabox_form' function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, with editor-level permissions or above, to update t...

CVSS 7.2 · AI score 5.7 · EPSS 0.0023
Exploits 0 · References 2
Cvelist
added 2024/10/10 2:6 a.m. · 13 views

CVE-2024-9520 UserPlus <= 2.0 - Missing Authorization via Multiple Functions

The UserPlus plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.0. This makes it possible for authenticated attackers with subscriber-level permissions or above, ...

CVSS 6.3 · EPSS 0.00114
Exploits 0 · References 4
CVE
added 2024/10/10 2:6 a.m. · 41 views

CVE-2024-9520

CVE-2024-9520 refers to the WordPress UserPlus plugin, with vulnerable versions up to and including 2.0. The root cause is a missing capability check on multiple functions, allowing authenticated users with subscriber-level permissions or higher to add, modify, or delete user meta and p...

CVSS 6.3 · AI score 5.9 · EPSS 0.00114
Exploits 0 · References 4 · Affected Software 1
Vulnrichment
added 2024/10/10 2:6 a.m. · 12 views

CVE-2024-9520 UserPlus <= 2.0 - Missing Authorization via Multiple Functions

The UserPlus plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.0. This makes it possible for authenticated attackers with subscriber-level permissions or above, ...

CVSS 6.3 · AI score 6.5 · EPSS 0.00114
Exploits 0 · References 4
Cvelist
added 2024/10/10 2:6 a.m. · 10 views

CVE-2024-9518 UserPlus <= 2.0 - Unauthenticated Privilege Escalation

The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile' functions. This makes it possible for unauthenticated attackers to specify their user role by supplyin...

CVSS 9.8 · EPSS 0.00955
Exploits 0 · References 2
Vulnrichment
added 2024/10/10 2:6 a.m. · 16 views

CVE-2024-9518 UserPlus <= 2.0 - Unauthenticated Privilege Escalation

The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile' functions. This makes it possible for unauthenticated attackers to specify their user role by supplyin...

CVSS 9.8 · AI score 9.6 · EPSS 0.00955
Exploits 0 · References 2
CVE
added 2024/10/10 2:6 a.m. · 50 views

CVE-2024-9518

CVE-2024-9518 affects the WordPress plugin UserPlus (versions up to 2.0). The issue is unauthenticated privilege escalation caused by insufficient restriction on the functions form_actions and userplus_update_user_profile, allowing an attacker to specify a higher user role via the role parameter ...

CVSS 9.8 · AI score 9.6 · EPSS 0.00955
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2024/10/10 2:6 a.m. · 12 views

CVE-2024-9519 UserPlus <= 2.0 - Authenticated (Editor+) Registration Form Update to Privilege Escalation

The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'save_metabox_form' function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, with editor-level permissions or above, to update t...

CVSS 7.2 · EPSS 0.0023
Exploits 0 · References 2
CVE
added 2024/10/10 2:6 a.m. · 43 views

CVE-2024-9519

CVE-2024-9519 affects the WordPress plugin UserPlus (versions up to 2.0). Root cause: an improper capability check in the function save_metabox_form. Impact: authenticated attackers with Editor+ permissions can update the registration form role to Administrator, causing privilege escalation and...

CVSS 7.2 · AI score 7 · EPSS 0.0023
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2024/10/10 2:6 a.m. · 4 views

CVE-2024-9519 UserPlus <= 2.0 - Authenticated (Editor+) Registration Form Update to Privilege Escalation

The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'save_metabox_form' function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, with editor-level permissions or above, to update t...

CVSS 7.2 · AI score 6.8 · EPSS 0.0023
Exploits 0 · References 2
Patchstack
added 2024/10/10 12:0 a.m. · 9 views

WordPress UserPlus Plugin <= 2.0 is vulnerable to Privilege Escalation

Software: UserPlus; Type: Plugin; Vulnerable versions: <= 2.0; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2024-9519; Patch priority: Medium; CVSS severity: Medium 7.2; Developer: Claim ownership; PSID: 64930a4c20d0; Credits: István Márton; Required privilege...

CVSS 7.2 · AI score 6.8 · EPSS 0.0023
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2024/10/10 12:0 a.m. · 1 views

WordPress plugin UserPlus security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 7.2 · AI score 6.3 · EPSS 0.0023
Exploits 0 · References 3
CNNVD
added 2024/10/10 12:0 a.m. · 1 views

WordPress plugin UserPlus security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 6.3 · AI score 6.7 · EPSS 0.00114
Exploits 0 · References 5
CNNVD
added 2024/10/10 12:0 a.m. · 1 views

WordPress plugin UserPlus security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in the...

CVSS 9.8 · AI score 7 · EPSS 0.00955
Exploits 0 · References 3
Positive Technologies
added 2024/10/09 12:0 a.m. · 2 views

PT-2024-39674 · WordPress · Userplus

Name of the Vulnerable Software and Affected Versions: UserPlus plugin for WordPress versions prior to 2.1 Description: The UserPlus plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions. This makes it...

CVSS 6.3 · AI score 6.5 · EPSS 0.00114
Exploits 0 · References 9
Positive Technologies
added 2024/10/09 12:0 a.m. · 2 views

PT-2024-39673 · WordPress · Userplus

Name of the Vulnerable Software and Affected Versions: UserPlus plugin for WordPress versions up to, and including, 2.0 Description: The issue arises from an improper capability check on the save metabox form function, allowing authenticated attackers with editor-level permissions or above to...

CVSS 7.2 · AI score 6.5 · EPSS 0.0023
Exploits 0 · References 8
Positive Technologies
added 2024/10/09 12:0 a.m. · 2 views

PT-2024-39672 · WordPress · Userplus

Name of the Vulnerable Software and Affected Versions: UserPlus plugin for WordPress versions up to, and including, 2.0 Description: The issue is related to privilege escalation due to insufficient restriction on the form actions and userplus update user profile functions. This allows...

CVSS 9.8 · AI score 7 · EPSS 0.00955
Exploits 0 · References 10