Lucene search
K

136 matches found

CVE
CVE
added 6 days ago15 views

CVE-2026-12097

The CVE covers the WordPress User Management plugin (versions up to and including 1.2). Affected component: the plugin’s authorization flow; root cause is improper verification of a user’s permission, enabling an authorization bypass. Impact: unauthenticated attackers can modify the plugin’s expo...

5.3CVSS5.9AI score0.00255EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/29 1:36 p.m.6 views

CVE-2026-57334

Unauthenticated Broken Access Control in WP User Frontend = 4.3.7 versions...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/29 1:36 p.m.7 views

EUVD-2026-40105

Unauthenticated Broken Access Control in WP User Frontend = 4.3.7 versions...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/27 6:50 a.m.41 views

CVE-2026-9242 RegistrationMagic <= 6.0.8.6 - Authenticated (Subscriber+) Authentication Bypass via Forged PayPal IPN Request

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Verification of Data Authenticity in all versions up to and including 6.0.8.6. This is due to the PayPal IPN callback handler...

5.3CVSS0.00232EPSS
Exploits0References14
NVD
NVD
added 2026/06/15 9:17 p.m.11 views

CVE-2026-49766

Subscriber Arbitrary File Deletion in WP User Manager = 2.9.16 versions...

9.9CVSS0.00506EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:19 p.m.22 views

CVE-2026-49766

CVE-2026-49766 affects the WordPress plugin WP User Manager (versions ≤ 2.9.16). The vulnerability is described as an Arbitrary File Deletion issue reported for subscribers. The available metrics indicate a CRITICAL impact (CVSS 3.1: 9.9; NETWORK attack vector; LOW privileges required; no user in...

9.9CVSS5.2AI score0.00506EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/09 9:22 a.m.11 views

WordPress WP User Manager – User Profile Builder & Membership plugin <= 2.9.17 - Unauthenticated Path Traversal to Local File Inclusion vulnerability

Unauthenticated Path Traversal to Local File Inclusion vulnerability discovered by Yat in WordPress Plugin WP User Manager versions = 2.9.17...

7.5CVSS5.5AI score0.02403EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/06/08 8:48 p.m.12 views

WordPress User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin <= 4.3.2 - Missing Authorization to Authenticated (Subscriber+) Subscription Pack Cancellation vulnerability

Missing Authorization to Authenticated Subscriber+ Subscription Pack Cancellation vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin WP User Frontend versions = 4.3.2...

4.3CVSS5.5AI score0.00153EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/06 12:31 a.m.14 views

EUVD-2026-34928

The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via the profile template scope function. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files...

7.5CVSS6.3AI score0.02403EPSS
Exploits1References14
CVE
CVE
added 2026/06/05 11:28 p.m.43 views

CVE-2026-9290

The affected product is the WordPress plugin “WP User Manager – User Profile Builder & Membership.” CVE-2026-9290 describes a Local File Inclusion (LFI) vulnerability in all versions up to and including 2.9.17, exploitable via the profile template scope function. This allows unauthenticated attac...

7.5CVSS6.3AI score0.02403EPSS
Exploits1References13
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.11 views

CVE-2026-6506

The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.1.2. This is due to the infusedwoogdprupddata function missing authorization and capability checks, as well as lacking restrictions on which user meta keys can be updated. This...

8.8CVSS5.4AI score0.0029EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/29 2:27 a.m.11 views

CVE-2026-8995 Poll Maker by AYS <= 6.3.7 - Authenticated (Subscriber+) Sensitive Information Exposure in 'ays_poll_get_user_information' AJAX Action

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 6.3.7. This is due to insufficient access controls on the 'ayspollgetuserinformation' AJAX action, which serializes and returns the...

4.3CVSS5.8AI score0.00283EPSS
Exploits0References9
GithubExploit
GithubExploit
added 2026/05/26 6:10 a.m.101 views

Exploit for CVE-2026-6741

CVE-2026-6741 CVE-2026-6741 is a CVSS 8.8 High Authenticated...

8.8CVSS5.7AI score0.00293EPSS
Exploits1
GithubExploit
GithubExploit
added 2026/05/22 7:53 a.m.104 views

Exploit for CVE-2026-5118

CVE-2026-5118 — Divi Form Builder roles && !isset$rolesobj-...

9.8CVSS5.8AI score0.00487EPSS
Exploits5
Patchstack
Patchstack
added 2026/05/13 7:52 p.m.10 views

WordPress User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin <= 5.1.5 - Unauthenticated Missing Authorization to Admin Approval Bypass vulnerability

Unauthenticated Missing Authorization to Admin Approval Bypass vulnerability discovered by Anthony Cihan Hann1bl3L3ct3r - Obviam in WordPress Plugin User Registration versions = 5.1.5...

5.3CVSS5.8AI score0.00445EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/09 2:25 a.m.7 views

CVE-2026-7652 LatePoint <= 5.5.0 - Unauthenticated Account Takeover via Weak Password Recovery Mechanism

The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery Mechanism in the unauthenticated guest booking flow in versions up to, and including, 5.5.0 This is due to the saveconnectedwordpressuser function propagating a LatePoint customer's email address to it...

5.3CVSS5.8AI score0.00719EPSS
Exploits0References15
CVE
CVE
added 2026/05/09 2:25 a.m.25 views

CVE-2026-7652

The LatePoint WordPress plugin (up to version 5.5.0) is vulnerable to Account Takeover via a Weak Password Recovery Mechanism in the unauthenticated guest booking flow. The root cause is save_connected_wordpress_user() propagating a LatePoint customer’s email to its linked WordPress user via wp_u...

5.3CVSS5.8AI score0.00719EPSS
Exploits0References15
CNNVD
CNNVD
added 2026/05/09 12:0 a.m.10 views

WordPress plugin LatePoint 授权问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00719EPSS
Exploits0References1
NVD
NVD
added 2026/04/29 9:16 a.m.7 views

CVE-2026-42412

Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through 4.3.1...

6.5CVSS0.00195EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/29 7:51 a.m.5 views

EUVD-2026-26195

Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through 4.3.1...

6.5CVSS5.1AI score0.00195EPSS
Exploits0References1
Rows per page
Query Builder