Lucene search
K

153 matches found

Patchstack
Patchstack
added 2024/08/05 12:0 a.m.12 views

WordPress UsersWP Plugin < 1.2.12 is vulnerable to Sensitive Data Exposure

Software UsersWP Type Plugin Vulnerable versions 1.2.12 Fixed in 1.2.12 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-6477 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID 23cb0cdd0abd Credits Majdeddine Ben Hadj Brahim Require...

7.5CVSS6.6AI score0.00575EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2024/08/03 6:16 a.m.28 views

CVE-2024-6477

The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address...

7.5CVSS0.00575EPSS
Exploits1References1
OSV
OSV
added 2024/08/03 6:16 a.m.3 views

CVE-2024-6477

The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address...

7.5CVSS5.8AI score0.00575EPSS
Exploits1References1
CVE
CVE
added 2024/08/03 6:0 a.m.53 views

CVE-2024-6477

CVE-2024-6477 affects the UsersWP WordPress plugin prior to 1.2.12. The vulnerability arises from predictable filenames generated for admin exports, allowing unauthenticated attackers to download exports and access sensitive user data (IP, username, email). Public sources in connected documents c...

7.5CVSS6AI score0.00575EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/08/03 6:0 a.m.30 views

CVE-2024-6477 UsersWP < 1.2.12 - Users Information Disclosure

The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address...

0.00575EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/08/03 6:0 a.m.14 views

CVE-2024-6477 UsersWP < 1.2.12 - Users Information Disclosure

The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address...

6AI score0.00575EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/08/03 12:0 a.m.4 views

PT-2024-37654 · WordPress · Userswp

Name of the Vulnerable Software and Affected Versions: UsersWP WordPress plugin versions prior to 1.2.12 Description: The issue allows unauthenticated attackers to download sensitive information, including IP addresses, usernames, and email addresses, due to the use of predictable filenames when ...

7.5CVSS6.4AI score0.00575EPSS
Exploits1References8
CNNVD
CNNVD
added 2024/08/03 12:0 a.m.4 views

WordPress plugin UsersWP 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

7.5CVSS6.6AI score0.00575EPSS
Exploits1References3
Patchstack
Patchstack
added 2024/07/01 3:48 a.m.6 views

WordPress UsersWP plugin <= 1.2.10 - Unauthenticated SQL Injection via 'uwp_sort_by' vulnerability

Unauthenticated SQL Injection via 'uwpsortby' vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin UsersWP versions = 1.2.10...

9.8CVSS8.1AI score0.024EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/07/01 12:0 a.m.20 views

WordPress UsersWP Plugin <= 1.2.10 is vulnerable to SQL Injection

Software UsersWP Type Plugin Vulnerable versions = 1.2.10 Fixed in 1.2.11 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-6265 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 32b55caea5de Credits Trương Hữu Phúc truonghuuphuc Required privilege...

9.8CVSS6.8AI score0.024EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/06/29 5:15 a.m.3 views

CVE-2024-6265

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uwpsortby’ parameter in all versions up to, and including, 1.2.10 due to insufficient escaping on the user supplied...

9.8CVSS5.8AI score0.024EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/06/29 4:33 a.m.15 views

CVE-2024-6265 UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress <= 1.2.10 - Unauthenticated SQL Injection via 'uwp_sort_by'

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uwpsortby’ parameter in all versions up to, and including, 1.2.10 due to insufficient escaping on the user supplied...

9.8CVSS7.5AI score0.024EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/06/29 4:33 a.m.227 views

CVE-2024-6265 UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress <= 1.2.10 - Unauthenticated SQL Injection via 'uwp_sort_by'

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uwpsortby’ parameter in all versions up to, and including, 1.2.10 due to insufficient escaping on the user supplied...

9.8CVSS0.024EPSS
Exploits0References3
CVE
CVE
added 2024/06/29 4:33 a.m.83 views

CVE-2024-6265

CVE-2024-6265 affects the WordPress plugin UsersWP (Front-end login, registration, profile, members directory). The vulnerability is a time-based SQL Injection caused by insufficient escaping of the uwp_sort_by parameter in all versions up to and including 1.2.10 , allowing unauthenticated attack...

9.8CVSS9.7AI score0.024EPSS
In wildExploits0References3Affected Software1
CNNVD
CNNVD
added 2024/06/29 12:0 a.m.4 views

WordPress plugin UsersWP security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

9.8CVSS7.8AI score0.024EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/06/29 12:0 a.m.8 views

PT-2024-37495 · WordPress · Userswp

Name of the Vulnerable Software and Affected Versions: UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress versions up to, and including, 1.2.10 Description: The issue is related to time-based SQL Injection via the uwp sort by parameter due to...

9.8CVSS8.1AI score0.024EPSS
Exploits0References7
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.15 views

UsersWP < 1.2.6 - Cross-Site Request Forgery

Description The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.4. This is due to missing or incorrect nonce validation on an unknown...

5.4CVSS6.5AI score0.00197EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/04/11 1:15 p.m.20 views

CVE-2024-31936

Cross-Site Request Forgery CSRF vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a before 1.2.6...

5.4CVSS5.5AI score0.00197EPSS
Exploits0References1
CVE
CVE
added 2024/04/11 12:15 p.m.63 views

CVE-2024-31936

CVE-2024-31936 is a CSRF vulnerability in the WordPress plugin UsersWP by AyeCode Ltd. Affected versions are any before 1.2.6. The CVSS base metrics indicate a Medium severity (3.1 vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L; base score 5.4). The provided sources do not specify exploit details or...

5.4CVSS5.1AI score0.00197EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/11 12:15 p.m.33 views

CVE-2024-31936 WordPress UsersWP plugin < 1.2.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a before 1.2.6...

5.4CVSS5.1AI score0.00197EPSS
Exploits0References1
Rows per page
Query Builder