19 matches found
EUVD-2025-203230
The Userback plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the userbackgetjson function in all versions up to, and including, 1.0.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract...
CVE-2025-14540
The Userback plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the userbackgetjson function in all versions up to, and including, 1.0.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract...
CVE-2025-14540 Userback <= 1.0.15 - Missing Authorization to Authenticated (Subscriber+) Plugin's Configuration Exposure
The Userback plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the userbackgetjson function in all versions up to, and including, 1.0.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract...
CVE-2025-14540 Userback <= 1.0.15 - Missing Authorization to Authenticated (Subscriber+) Plugin's Configuration Exposure
The Userback plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the userbackgetjson function in all versions up to, and including, 1.0.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract...
CVE-2025-14540
CVE-2025-14540 affects the WordPress Userback plugin: versions up to and including 1.0.15 suffer a missing capability check in userback_get_json, enabling authenticated users with Subscriber+ access to exfiltrate the plugin’s configuration data, including the Userback API access token, and privat...
WordPress Userback plugin <= 1.0.15 - Missing Authorization to Authenticated (Subscriber+) plugin's Configuration Exposure vulnerability
Missing Authorization to Authenticated Subscriber+ plugin's Configuration Exposure vulnerability discovered by jsonc in WordPress Plugin Userback versions = 1.0.15...
PT-2025-51081
The Userback plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the userback get json function in all versions up to, and including, 1.0.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract...
WordPress plugin Userback 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
EUVD-2023-50350
Malicious code in bioql PyPI...
CVE-2023-46089
Cross-Site Request Forgery CSRF vulnerability in Lee Le @ Userback Userback plugin = 1.0.13 versions...
CVE-2023-46089
Cross-Site Request Forgery CSRF vulnerability in Lee Le @ Userback Userback plugin = 1.0.13 versions...
CVE-2023-46089
Cross-Site Request Forgery CSRF vulnerability in Lee Le @ Userback Userback plugin = 1.0.13 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Lee Le @ Userback Userback plugin = 1.0.13 versions...
CVE-2023-46089 WordPress Userback Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Lee Le @ Userback Userback plugin = 1.0.13 versions...
CVE-2023-46089 WordPress Userback Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Lee Le @ Userback Userback plugin = 1.0.13 versions...
CVE-2023-46089
CVE-2023-46089 denotes a CSRF vulnerability in the WordPress Userback plugin, affected versions
WordPress Plugin Userback Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...
PT-2023-29838 · Userback · Userback
Name of the Vulnerable Software and Affected Versions: Userback plugin versions 1.0.13 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This means an attacker can trick a user into performing unintended actions on a web application that the user is...
WordPress Userback Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSRF)
Software Userback Type Plugin Vulnerable versions = 1.0.13 Fixed in 1.0.14 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-46089 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ca0e03655d57 Credits LEE SE HYOUNG...