Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:40 a.m.10 views

CVE-2023-0824

The User registration & user profile WordPress plugin through 2.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF attack...

7.4CVSS5.8AI score0.00319EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/01/16 3:56 p.m.2 views

CVE-2023-0824 UserPlus <= 2.0 - Stored XSS via CSRF

The User registration & user profile WordPress plugin through 2.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF attack...

6.6AI score0.00319EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/01/16 3:56 p.m.27 views

CVE-2023-0824 UserPlus <= 2.0 - Stored XSS via CSRF

The User registration & user profile WordPress plugin through 2.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF attack...

6.2AI score0.00319EPSS
Exploits2References1
CVE
CVE
added 2024/01/16 3:56 p.m.61 views

CVE-2023-0824

CVE-2023-0824 affects the WordPress plugin “User registration & user profile – UserPlus” (versions

7.4CVSS6.1AI score0.00319EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2023/04/17 12:0 a.m.11 views

WordPress UserPlus Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)

Software UserPlus Type Plugin Vulnerable versions = 2.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0824 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 16e46e951741 Credits Shreya Pohekar Required privilege...

7.4CVSS6AI score0.00319EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder