WordPress UserPlus plugin <= 2.0 - Missing Authorization via Multiple Functions vulnerability

Missing Authorization via Multiple Functions vulnerability discovered by István Márton - Wordfence in WordPress Plugin UserPlus versions = 2.0...

WordPress UserPlus Plugin <= 2.0 is vulnerable to Privilege Escalation

Software UserPlus Type Plugin Vulnerable versions = 2.0 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-52442 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 1a20cf86d1cd Credits João Pedro S...

WordPress UserPlus Plugin <= 2.0 is vulnerable to Privilege Escalation

Software UserPlus Type Plugin Vulnerable versions = 2.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-9519 Patch priority Medium CVSS severity Medium 7.2 Developer Claim ownership PSID 64930a4c20d0 Credits István Márton Required privilege...

PT-2024-39672 · WordPress · Userplus

Name of the Vulnerable Software and Affected Versions: UserPlus plugin for WordPress versions up to, and including, 2.0 Description: The issue is related to privilege escalation due to insufficient restriction on the form actions and userplus update user profile functions. This allows...

WordPress UserPlus Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)

Software UserPlus Type Plugin Vulnerable versions = 2.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0824 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 16e46e951741 Credits Shreya Pohekar Required privilege...