22 matches found
CVE-2025-13320
The WP User Manager plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 2.9.12. This is due to insufficient validation of user-supplied file paths in the profile update functionality combined with improper handling of array inputs by PHP's filterinp...
CVE-2025-60245
Deserialization of Untrusted Data vulnerability in WP User Manager WP User Manager wp-user-manager allows Object Injection.This issue affects WP User Manager: from n/a through = 2.9.12...
CVE-2025-60245
CVE-2025-60245 describes a Deserialization of Untrusted Data vulnerability in the WP User Manager WordPress plugin (versions
EUVD-2024-40226
Malicious code in bioql PyPI...
CVE-2024-10216
The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'addsidebar' and 'removesidebar' functions in all versions up to, and including, 2.9.11. This makes it possible for authenticate...
CVE-2024-43336
Cross-Site Request Forgery CSRF vulnerability in WP User Manager WP User Manager wp-user-manager.This issue affects WP User Manager: from n/a through = 2.9.10...
CVE-2024-10537
CVE-2024-10537: The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized data access due to a missing capability check in validate_user_meta_key() across versions up to and including 2.9.11. This allows authenticated attackers with Subscriber-leve...
CVE-2024-10537 WP User Manager – User Profile Builder & Membership <= 2.9.11 - Missing Authorization to Authenticated (Subscriber+) User Meta Key Enumeration
The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the validateusermetakey function in all versions up to, and including, 2.9.11. This makes it possible for authenticated attackers, with...
CVE-2024-10216 WP User Manager – User Profile Builder & Membership <= 2.9.11 - Missing Authorization to Carbon Fields Custom Sidebar Addition/Removal
The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'addsidebar' and 'removesidebar' functions in all versions up to, and including, 2.9.11. This makes it possible for authenticate...
WordPress WP User Manager Plugin <= 2.9.11 is vulnerable to Broken Access Control
Software WP User Manager Type Plugin Vulnerable versions = 2.9.11 Fixed in 2.9.12 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10537 Patch priority Low CVSS severity Low 4.3 Developer WP User Manager PSID 15d82a7ba59b Credits Tieu Pham Trong Nhan Requir...
PT-2024-16120 · Unknown +1 · Wp User Manager +2
Name of the Vulnerable Software and Affected Versions: The WP User Manager – User Profile Builder & Membership plugin for WordPress versions up to, and including, 2.9.11 Description: The issue is related to a missing capability check on the add sidebar and remove sidebar functions. This allows...
PT-2024-16353 · WordPress · Wp User Manager
Name of the Vulnerable Software and Affected Versions: The WP User Manager – User Profile Builder & Membership plugin for WordPress versions up to, and including, 2.9.11 Description: The issue is related to unauthorized access of data due to a missing capability check on the validate user meta ke...
CVE-2024-43336
Cross-Site Request Forgery CSRF vulnerability in WP User Manager WP User Manager wp-user-manager.This issue affects WP User Manager: from n/a through = 2.9.10...
CVE-2024-43336
WP User Manager plugin for WordPress is affected by a Cross-Site Request Forgery (CSRF) vulnerability, impacting versions up to and including 2.9.10. The issue enables unintended actions on a user’s account via CSRF, per Red Hat and other vulnerability sources. The CVSS score in the initial data ...
WordPress WP User Manager – User Profile Builder & Membership plugin <= 2.9.10 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin WP User Manager versions = 2.9.10...
WordPress WP User Manager Plugin <= 2.9.10 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP User Manager Type Plugin Vulnerable versions = 2.9.10 Fixed in 2.9.11 OWASP Top 10 A4: Insecure Design Classification Cross Site Request Forgery CSRF CVE CVE-2024-43336 Patch priority Low CVSS severity Low 4.3 Developer WP User Manager PSID 6918353ae071 Credits Ananda Dhakal Patchstac...
CVE-2021-24655
The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the password to an arbitrary value of any user knowing only their ID, and gain access to their account...
CVE-2021-24655
The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the password to an arbitrary value of any user knowing only their ID, and gain access to their account...
Default credentials
The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the password to an arbitrary value of any user knowing only their ID, and gain access to their account...
CVE-2021-24655
The WP User Manager WordPress plugin (≤ 2.6.3) has a vulnerability where the password reset mechanism does not verify that the reset key maps to the targeted user ID. An authenticated attacker who knows a user’s ID can reset that user’s password to an arbitrary value, gaining account access. A pa...