74 matches found
WordPress UsersWP plugin <= 1.2.44 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated Subscriber+ SQL Injection vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin UsersWP versions = 1.2.44...
PT-2025-36344
Name of the Vulnerable Software and Affected Versions: UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress versions through 1.2.44 Description: The UsersWP plugin for WordPress is susceptible to a time-based SQL Injection issue due to...
WordPress plugin UsersWP SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...
CVE-2025-9344
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'uwpprofile' and 'uwpprofileheader' shortcodes in all versions up to, and including, 1.2.42 due to insufficient...
CVE-2025-9344
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'uwpprofile' and 'uwpprofileheader' shortcodes in all versions up to, and including, 1.2.42 due to insufficient...
CVE-2025-9344
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'uwpprofile' and 'uwpprofileheader' shortcodes in all versions up to, and including, 1.2.42 due to insufficient...
CVE-2025-9344
CVE-2025-9344 affects the WordPress plugin UsersWP (Front-end login, User Registration, User Profile & Members Directory) up to version 1.2.42. The issue is a Stored Cross-Site Scripting (XSS) vulnerability via uwp_profile and uwp_profile_header shortcodes caused by insufficient input sanitizatio...
CVE-2025-9344 UsersWP <= 1.2.42 - Authenticated (Contributor+) Stored Cross-Site Scripting
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'uwpprofile' and 'uwpprofileheader' shortcodes in all versions up to, and including, 1.2.42 due to insufficient...
PT-2025-34958
Name of the Vulnerable Software and Affected Versions: UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP versions prior to 1.2.43 Description: The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPre...
WordPress UsersWP plugin <= 1.2.42 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin UsersWP versions = 1.2.42...
CVE-2024-6477
The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address...
CVE-2024-6265
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uwpsortby’ parameter in all versions up to, and including, 1.2.10 due to insufficient escaping on the user supplied...
CVE-2024-43277 WordPress UsersWP plugin <= 1.2.15 - Broken Access Control vulnerability
Missing Authorization vulnerability in AyeCode Ltd UsersWP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UsersWP: from n/a through 1.2.15...
WordPress UsersWP plugin <= 1.2.15 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin UsersWP versions = 1.2.15...
WordPress UsersWP Plugin <= 1.2.15 is vulnerable to Broken Access Control
Software UsersWP Type Plugin Vulnerable versions = 1.2.15 Fixed in 1.2.16 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43277 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID e8ba6491acea Credits Ananda Dhakal Patchstack Required...
WordPress UsersWP plugin < 1.2.12 - Users Information Disclosure vulnerability
Users Information Disclosure vulnerability discovered by Majdeddine Ben Hadj Brahim in WordPress Plugin UsersWP versions 1.2.12...
CVE-2024-6477
The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address...
CVE-2024-6477
CVE-2024-6477 affects the UsersWP WordPress plugin prior to 1.2.12. The vulnerability arises from predictable filenames generated for admin exports, allowing unauthenticated attackers to download exports and access sensitive user data (IP, username, email). Public sources in connected documents c...
PT-2024-37654 · WordPress · Userswp
Name of the Vulnerable Software and Affected Versions: UsersWP WordPress plugin versions prior to 1.2.12 Description: The issue allows unauthenticated attackers to download sensitive information, including IP addresses, usernames, and email addresses, due to the use of predictable filenames when ...
WordPress plugin UsersWP 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...