CVE-2024-10537 WP User Manager – User Profile Builder & Membership <= 2.9.11 - Missing Authorization to Authenticated (Subscriber+) User Meta Key Enumeration

The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the validateusermetakey function in all versions up to, and including, 2.9.11. This makes it possible for authenticated attackers, with...

WordPress plugin WP User Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-16353 · WordPress · Wp User Manager

Name of the Vulnerable Software and Affected Versions: The WP User Manager – User Profile Builder & Membership plugin for WordPress versions up to, and including, 2.9.11 Description: The issue is related to unauthorized access of data due to a missing capability check on the validate user meta ke...