Lucene search
K

74 matches found

Patchstack
Patchstack
added 2025/09/06 12:6 a.m.6 views

WordPress UsersWP plugin <= 1.2.44 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin UsersWP versions = 1.2.44...

6.5CVSS7.8AI score0.00311EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/06 12:0 a.m.11 views

PT-2025-36344

Name of the Vulnerable Software and Affected Versions: UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress versions through 1.2.44 Description: The UsersWP plugin for WordPress is susceptible to a time-based SQL Injection issue due to...

6.5CVSS7AI score0.00311EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/09/06 12:0 a.m.5 views

WordPress plugin UsersWP SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

6.5CVSS7.6AI score0.00311EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/08/30 6:19 p.m.3 views

CVE-2025-9344

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'uwpprofile' and 'uwpprofileheader' shortcodes in all versions up to, and including, 1.2.42 due to insufficient...

6.4CVSS5.1AI score0.00216EPSS
Exploits0References1
NVD
NVD
added 2025/08/28 3:15 a.m.3 views

CVE-2025-9344

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'uwpprofile' and 'uwpprofileheader' shortcodes in all versions up to, and including, 1.2.42 due to insufficient...

6.4CVSS0.00216EPSS
Exploits0References3
OSV
OSV
added 2025/08/28 3:15 a.m.4 views

CVE-2025-9344

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'uwpprofile' and 'uwpprofileheader' shortcodes in all versions up to, and including, 1.2.42 due to insufficient...

6.4CVSS5.1AI score
Exploits0References3
CVE
CVE
added 2025/08/28 1:46 a.m.20 views

CVE-2025-9344

CVE-2025-9344 affects the WordPress plugin UsersWP (Front-end login, User Registration, User Profile & Members Directory) up to version 1.2.42. The issue is a Stored Cross-Site Scripting (XSS) vulnerability via uwp_profile and uwp_profile_header shortcodes caused by insufficient input sanitizatio...

6.4CVSS5.6AI score0.00216EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/28 1:46 a.m.8 views

CVE-2025-9344 UsersWP <= 1.2.42 - Authenticated (Contributor+) Stored Cross-Site Scripting

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'uwpprofile' and 'uwpprofileheader' shortcodes in all versions up to, and including, 1.2.42 due to insufficient...

6.4CVSS0.00216EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/08/28 12:0 a.m.3 views

PT-2025-34958

Name of the Vulnerable Software and Affected Versions: UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP versions prior to 1.2.43 Description: The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPre...

6.4CVSS5.1AI score0.00216EPSS
Exploits0References6
Patchstack
Patchstack
added 2025/08/27 10:10 p.m.4 views

WordPress UsersWP plugin <= 1.2.42 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin UsersWP versions = 1.2.42...

6.4CVSS5.5AI score0.00216EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 7:59 a.m.5 views

CVE-2024-6477

The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address...

7.5CVSS6.5AI score0.00575EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:9 a.m.9 views

CVE-2024-6265

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uwpsortby’ parameter in all versions up to, and including, 1.2.10 due to insufficient escaping on the user supplied...

9.8CVSS7.5AI score0.024EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/01 2:17 p.m.13 views

CVE-2024-43277 WordPress UsersWP plugin <= 1.2.15 - Broken Access Control vulnerability

Missing Authorization vulnerability in AyeCode Ltd UsersWP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UsersWP: from n/a through 1.2.15...

5.3CVSS7.2AI score0.00394EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/08/16 9:46 a.m.4 views

WordPress UsersWP plugin <= 1.2.15 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin UsersWP versions = 1.2.15...

5.3CVSS7AI score0.00394EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/08/16 12:0 a.m.9 views

WordPress UsersWP Plugin <= 1.2.15 is vulnerable to Broken Access Control

Software UsersWP Type Plugin Vulnerable versions = 1.2.15 Fixed in 1.2.16 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43277 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID e8ba6491acea Credits Ananda Dhakal Patchstack Required...

5.3CVSS6.3AI score0.00394EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/08/05 2:34 a.m.5 views

WordPress UsersWP plugin < 1.2.12 - Users Information Disclosure vulnerability

Users Information Disclosure vulnerability discovered by Majdeddine Ben Hadj Brahim in WordPress Plugin UsersWP versions 1.2.12...

7.5CVSS6.6AI score0.00575EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/08/03 6:16 a.m.2 views

CVE-2024-6477

The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address...

7.5CVSS5.8AI score0.00575EPSS
Exploits1References1
CVE
CVE
added 2024/08/03 6:0 a.m.53 views

CVE-2024-6477

CVE-2024-6477 affects the UsersWP WordPress plugin prior to 1.2.12. The vulnerability arises from predictable filenames generated for admin exports, allowing unauthenticated attackers to download exports and access sensitive user data (IP, username, email). Public sources in connected documents c...

7.5CVSS6AI score0.00575EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/08/03 12:0 a.m.4 views

PT-2024-37654 · WordPress · Userswp

Name of the Vulnerable Software and Affected Versions: UsersWP WordPress plugin versions prior to 1.2.12 Description: The issue allows unauthenticated attackers to download sensitive information, including IP addresses, usernames, and email addresses, due to the use of predictable filenames when ...

7.5CVSS6.4AI score0.00575EPSS
Exploits1References8
CNNVD
CNNVD
added 2024/08/03 12:0 a.m.4 views

WordPress plugin UsersWP 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

7.5CVSS6.6AI score0.00575EPSS
Exploits1References3
Rows per page
Query Builder