Lucene search
K

74 matches found

Patchstack
Patchstack
added 2024/07/01 3:48 a.m.6 views

WordPress UsersWP plugin <= 1.2.10 - Unauthenticated SQL Injection via 'uwp_sort_by' vulnerability

Unauthenticated SQL Injection via 'uwpsortby' vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin UsersWP versions = 1.2.10...

9.8CVSS8.1AI score0.024EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/06/29 5:15 a.m.3 views

CVE-2024-6265

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uwpsortby’ parameter in all versions up to, and including, 1.2.10 due to insufficient escaping on the user supplied...

9.8CVSS5.8AI score0.024EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/06/29 4:33 a.m.15 views

CVE-2024-6265 UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress <= 1.2.10 - Unauthenticated SQL Injection via 'uwp_sort_by'

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uwpsortby’ parameter in all versions up to, and including, 1.2.10 due to insufficient escaping on the user supplied...

9.8CVSS7.5AI score0.024EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/06/29 12:0 a.m.4 views

WordPress plugin UsersWP security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

9.8CVSS7.8AI score0.024EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/06/29 12:0 a.m.8 views

PT-2024-37495 · WordPress · Userswp

Name of the Vulnerable Software and Affected Versions: UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress versions up to, and including, 1.2.10 Description: The issue is related to time-based SQL Injection via the uwp sort by parameter due to...

9.8CVSS8.1AI score0.024EPSS
Exploits0References7
OSV
OSV
added 2024/04/09 7:15 p.m.1 views

CVE-2024-2423

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output...

6.4CVSS7.4AI score0.00446EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.3 views

WordPress Plugin UsersWP 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exis...

6.4CVSS7.6AI score0.00446EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/04/09 12:0 a.m.3 views

PT-2024-20321 · WordPress · Userswp

Name of the Vulnerable Software and Affected Versions: UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress versions up to, and including, 1.2.6 Description: The issue arises from insufficient input sanitization and output escaping on...

6.4CVSS9.1AI score0.00446EPSS
Exploits0References6
Cvelist
Cvelist
added 2023/11/07 3:9 p.m.45 views

CVE-2022-47442 WordPress UsersWP Plugin <= 1.2.3.9 is vulnerable to CSV Injection

Improper Neutralization of Formula Elements in a CSV File vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a through 1.2.3.9...

5.8CVSS8.9AI score0.00682EPSS
Exploits0References1
Patchstack
Patchstack
added 2023/02/20 12:0 a.m.10 views

WordPress UsersWP Plugin <= 1.2.3.9 is vulnerable to CSV Injection

Software UsersWP Type Plugin Vulnerable versions = 1.2.3.9 Fixed in 1.2.3.10 OWASP Top 10 A1: Injection Classification CSV Injection CVE CVE-2022-47442 Patch priority Low CVSS severity Low 5.8 Developer Claim ownership PSID 9e86dfeb7cfc Credits Justiice Required privilege Subscriber Published 20...

8.8CVSS7.2AI score0.00682EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/03/07 9:15 a.m.6 views

CVE-2022-0442

The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to overwrite another users avatar...

4.3CVSS5.8AI score0.00644EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/03/07 9:15 a.m.7 views

CVE-2022-0442

The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to overwrite another users avatar...

4.3CVSS5.5AI score0.00644EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2022/03/07 12:0 a.m.6 views

PT-2022-13187 · WordPress · Userswp

Name of the Vulnerable Software and Affected Versions: UsersWP WordPress plugin versions prior to 1.2.3.1 Description: The issue is related to missing access controls when updating a user avatar and the lack of unique file names for user avatars. This allows a logged-in user to overwrite another...

4.3CVSS4.4AI score0.00644EPSS
Exploits2References3
WPVulnDB
WPVulnDB
added 2021/09/06 12:0 a.m.12 views

UsersWP < 1.2.2.29 - Reflected Cross-Site Scripting

The plugin sanitises user input via sanitizetextfield but do not escape it before outputting it back in attributes, leading to Reflected Cross-Site Scripting issues PoC On the reset page made by the plugin: https://example.com/reset/?key=a=%22accesskey=X%20onclick=alert1%20b=%22...

1.3AI score
Exploits0Affected Software1
Rows per page
Query Builder