63 matches found

Vulnrichment
added 2026/05/08 6:51 p.m. · 5 views

CVE-2026-29202

Insufficient input validation of the plugin parameter of the createuser plugin allows arbitrary Perl code execution on behalf of the already authenticated account's system user...

CVSS: 5.3 · AI score: 6.3 · EPSS: 0.00032
Exploits: 0 · References: 1
Github Security Blog
added 2026/03/19 5:25 p.m. · 2 views

AVideo: IDOR - Any Admin Can Set Another User's Channel Password via setPassword.json.php

Summary: The setPassword.json.php endpoint in the CustomizeUser plugin allows administrators to set a channel password for any user. Due to a logic error in how the submitted password value is processed, any password containing non-numeric characters is silently coerced to the integer zero before...

CVSS: 9.1 · AI score: 5.8 · EPSS: 0.00055
Exploits: 1 · References: 4 · Affected Software: 1
Vulnrichment
added 2026/01/22 4:52 p.m. · 1 views

CVE-2025-69293 WordPress Final User plugin <= 1.2.5 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in e-plugins Final User final-user allows Privilege Escalation. This issue affects Final User: from n/a through <= 1.2.5...

AI score: 5.9 · EPSS: 0.00075
Exploits: 0 · References: 1
Cvelist
added 2026/01/22 4:52 p.m. · 14 views

CVE-2025-69293 WordPress Final User plugin <= 1.2.5 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in e-plugins Final User final-user allows Privilege Escalation. This issue affects Final User: from n/a through <= 1.2.5...

CVSS: 8.8 · EPSS: 0.00075
Exploits: 0 · References: 1
Cvelist
added 2026/01/22 4:52 p.m. · 13 views

CVE-2025-69187 WordPress Final User plugin <= 1.2.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in e-plugins Final User final-user allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Final User: from n/a through <= 1.2.5...

CVSS: 7.3 · EPSS: 0.0007
Exploits: 0 · References: 1
CVE
added 2026/01/22 4:52 p.m. · 6 views

CVE-2025-69187

CVE-2025-69187 is reported as a Missing Authorization vulnerability in the WordPress plugin Final User (Final User / final-user), affecting versions from n/a through <= 1.2.5. The CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) yields a base score of 7.3 (High) with network attack vector, low...

CVSS: 7.3 · AI score: 5.4 · EPSS: 0.0007
Exploits: 0 · References: 1
Vulnrichment
added 2026/01/22 4:52 p.m. · 1 views

CVE-2025-69187 WordPress Final User plugin <= 1.2.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in e-plugins Final User final-user allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Final User: from n/a through <= 1.2.5...

CVSS: 7.3 · AI score: 5.9 · EPSS: 0.0007
Exploits: 0 · References: 1
Patchstack
added 2026/01/22 7:26 a.m. · 3 views

WordPress Final User plugin <= 1.2.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Final User versions <= 1.2.5...

CVSS: 7.3 · AI score: 5.4 · EPSS: 0.0007
Exploits: 0 · Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2021-11946

Malware in sbrugna...

CVSS: 6.1 · AI score: 6.2 · EPSS: 0.0021
Exploits: 2 · References: 2
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2020-16575

Malware in sbrugna...

CVSS: 8.8 · AI score: 8.6 · EPSS: 0.00339
Exploits: 1 · References: 3
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-25633

Malicious code in bioql PyPI...

CVSS: 8.1 · AI score: 6.4 · EPSS: 0.00196
Exploits: 0 · References: 2
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2022-51859

Malicious code in bioql PyPI...

CVSS: 5.5 · AI score: 5.3 · EPSS: 0.00332
Exploits: 0 · References: 2
CNNVD
added 2025/08/23 12:0 a.m. · 1 views

WordPress plugin Bravis User security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS: 8.1 · AI score: 6.7 · EPSS: 0.00196
Exploits: 0 · References: 4
Positive Technologies
added 2025/08/23 12:0 a.m. · 2 views

PT-2025-34522 · WordPress · Bravis User

Name of the Vulnerable Software and Affected Versions: Bravis User plugin for WordPress versions up to and including 1.0.0
Description: The plugin does not properly log in a user with data verified through the facebook ajax login callback function, leading to authentication bypass. This allows...

CVSS: 8.1 · AI score: 6.8 · EPSS: 0.00196
Exploits: 0 · References: 6
Patchstack
added 2025/08/22 10:20 p.m. · 5 views

WordPress Bravis User plugin <= 1.0.0 - Authentication Bypass to Account Takeover vulnerability

Authentication Bypass to Account Takeover vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Bravis User versions <= 1.0.0...

CVSS: 8.1 · AI score: 6.8 · EPSS: 0.00196
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2025/08/22 10:18 p.m. · 6 views

WordPress Case Theme User plugin <= 1.0.3 - Authentication Bypass via Social Login vulnerability

Authentication Bypass via Social Login vulnerability discovered by Foxyyy in WordPress Plugin Case Theme User versions <= 1.0.3...

CVSS: 9.8 · AI score: 7 · EPSS: 0.00439
Exploits: 0 · References: 1 · Affected Software: 1
RedhatCVE
added 2025/05/23 2:53 a.m. · 2 views

CVE-2023-0043

The Custom Add User WordPress plugin through 2.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS: 6.1 · AI score: 6.1 · EPSS: 0.00199
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/23 2:27 a.m. · 2 views

CVE-2023-27890

The Export User plugin through 2.0 for MyBB allows XSS during the process of an admin generating DSGVO data for a user, via the Custom User Title, Location, or Bio field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVSS: 5.4 · AI score: 6.3 · EPSS: 0.00385
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/23 12:16 a.m. · 4 views

CVE-2022-4519

The WP User plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

CVSS: 5.5 · AI score: 5.8 · EPSS: 0.00332
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 6:25 p.m. · 2 views

CVE-2021-25034

The WP User WordPress plugin before 7.0 does not sanitise and escape some parameters in pages where the wpuser shortcode is used, leading to Reflected Cross-Site Scripting issues...

CVSS: 6.1 · AI score: 6.1 · EPSS: 0.0021
Exploits: 2 · References: 1