74 matches found
WordPress UsersWP plugin <= 1.2.10 - Unauthenticated SQL Injection via 'uwp_sort_by' vulnerability
Unauthenticated SQL Injection via 'uwpsortby' vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin UsersWP versions = 1.2.10...
CVE-2024-6265
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uwpsortby’ parameter in all versions up to, and including, 1.2.10 due to insufficient escaping on the user supplied...
CVE-2024-6265 UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress <= 1.2.10 - Unauthenticated SQL Injection via 'uwp_sort_by'
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uwpsortby’ parameter in all versions up to, and including, 1.2.10 due to insufficient escaping on the user supplied...
WordPress plugin UsersWP security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2024-37495 · WordPress · Userswp
Name of the Vulnerable Software and Affected Versions: UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress versions up to, and including, 1.2.10 Description: The issue is related to time-based SQL Injection via the uwp sort by parameter due to...
CVE-2024-2423
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output...
WordPress Plugin UsersWP 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exis...
PT-2024-20321 · WordPress · Userswp
Name of the Vulnerable Software and Affected Versions: UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress versions up to, and including, 1.2.6 Description: The issue arises from insufficient input sanitization and output escaping on...
CVE-2022-47442 WordPress UsersWP Plugin <= 1.2.3.9 is vulnerable to CSV Injection
Improper Neutralization of Formula Elements in a CSV File vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a through 1.2.3.9...
WordPress UsersWP Plugin <= 1.2.3.9 is vulnerable to CSV Injection
Software UsersWP Type Plugin Vulnerable versions = 1.2.3.9 Fixed in 1.2.3.10 OWASP Top 10 A1: Injection Classification CSV Injection CVE CVE-2022-47442 Patch priority Low CVSS severity Low 5.8 Developer Claim ownership PSID 9e86dfeb7cfc Credits Justiice Required privilege Subscriber Published 20...
CVE-2022-0442
The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to overwrite another users avatar...
CVE-2022-0442
The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to overwrite another users avatar...
PT-2022-13187 · WordPress · Userswp
Name of the Vulnerable Software and Affected Versions: UsersWP WordPress plugin versions prior to 1.2.3.1 Description: The issue is related to missing access controls when updating a user avatar and the lack of unique file names for user avatars. This allows a logged-in user to overwrite another...
UsersWP < 1.2.2.29 - Reflected Cross-Site Scripting
The plugin sanitises user input via sanitizetextfield but do not escape it before outputting it back in attributes, leading to Reflected Cross-Site Scripting issues PoC On the reset page made by the plugin: https://example.com/reset/?key=a=%22accesskey=X%20onclick=alert1%20b=%22...