331 matches found
CVE-2024-12821
The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the upmuploadmedia function in all versions up to, and including, 3.12.0. This makes it possible for authenticated...
CVE-2024-12822 Media Manager for UserPro <= 3.12.0 - Missing Authorization to Unauthenticated Arbitrary Options Update
The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the addcaptoimg function in all versions up to, and including, 3.11.0. This makes it possible for unauthenticated...
CVE-2024-12822 Media Manager for UserPro <= 3.12.0 - Missing Authorization to Unauthenticated Arbitrary Options Update
The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the addcaptoimg function in all versions up to, and including, 3.11.0. This makes it possible for unauthenticated...
CVE-2024-12821 Media Manager for UserPro <= 3.12.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the upmuploadmedia function in all versions up to, and including, 3.12.0. This makes it possible for authenticated...
CVE-2024-12821 Media Manager for UserPro <= 3.12.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the upmuploadmedia function in all versions up to, and including, 3.12.0. This makes it possible for authenticated...
CVE-2024-12821
The CVE-2024-12821 entry concerns the WordPress plugin Media Manager for UserPro. A missing capability check in upm_upload_media() affects all versions up to 3.12.0, allowing authenticated users with Subscriber+ privileges to modify arbitrary options and potentially set the default registration r...
PT-2025-1959 · WordPress · Media Manager For Userpro
Name of the Vulnerable Software and Affected Versions: Media Manager for UserPro plugin for WordPress versions up to, and including, 3.12.0 Description: The issue allows authenticated attackers with Subscriber-level access and above to update arbitrary options on the WordPress site due to a missi...
PT-2025-1960 · WordPress · Media Manager For Userpro
Name of the Vulnerable Software and Affected Versions: Media Manager for UserPro plugin for WordPress versions up to, and including, 3.11.0 Description: The issue concerns unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the add capto im...
WordPress plugin Media Manager for UserPro 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Media Manager for UserPro 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2025-22322
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DeluxeThemes Private Messages for UserPro userpro-messaging allows Reflected XSS.This issue affects Private Messages for UserPro: from n/a through = 4.10.0...
CVE-2025-22311
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in DeluxeThemes Private Messages for UserPro userpro-messaging.This issue affects Private Messages for UserPro: from n/a through = 4.10.0...
CVE-2025-22311 WordPress Private Messages for UserPro plugin <= 4.10.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in NotFound Private Messages for UserPro. This issue affects Private Messages for UserPro: from n/a through 4.10.0...
CVE-2025-22322 WordPress Private Messages for UserPro plugin <= 4.10.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound Private Messages for UserPro allows Reflected XSS. This issue affects Private Messages for UserPro: from n/a through 4.10.0...
CVE-2025-22311 WordPress Private Messages for UserPro plugin <= 4.10.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in DeluxeThemes Private Messages for UserPro userpro-messaging.This issue affects Private Messages for UserPro: from n/a through = 4.10.0...
CVE-2025-22322
CVE-2025-22322: Reflected XSS in WordPress Private Messages for UserPro plugin (NotFound Private Messages for UserPro) up to version 4.10.0. CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L; impact limited to confidentiality, integrity, and availability as per the provided metrics. No remediation de...
CVE-2025-22311
CVE-2025-22311 is a Local File Inclusion vulnerability in the WordPress plugin Private Messages for UserPro (NotFound Private Messages) with affected versions up to 4.10.0. The root cause is improper control of filenames for Include/Require in PHP. Public sources in the Connected Documents confir...
WordPress plugin Private Messages for UserPro 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress plugin Private Messages for UserPro 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2025-4437 · Userpro · Private Messages For Userpro
Name of the Vulnerable Software and Affected Versions: Private Messages for UserPro versions n/a through 4.10.0 Description: The issue is related to improper neutralization of input during web page generation, which allows Reflected XSS. This means that an attacker can inject malicious scripts in...