153 matches found
WordPress UsersWP Plugin < 1.2.12 is vulnerable to Sensitive Data Exposure
Software UsersWP Type Plugin Vulnerable versions 1.2.12 Fixed in 1.2.12 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-6477 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID 23cb0cdd0abd Credits Majdeddine Ben Hadj Brahim Require...
CVE-2024-6477
The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address...
CVE-2024-6477
The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address...
CVE-2024-6477
CVE-2024-6477 affects the UsersWP WordPress plugin prior to 1.2.12. The vulnerability arises from predictable filenames generated for admin exports, allowing unauthenticated attackers to download exports and access sensitive user data (IP, username, email). Public sources in connected documents c...
CVE-2024-6477 UsersWP < 1.2.12 - Users Information Disclosure
The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address...
CVE-2024-6477 UsersWP < 1.2.12 - Users Information Disclosure
The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address...
PT-2024-37654 · WordPress · Userswp
Name of the Vulnerable Software and Affected Versions: UsersWP WordPress plugin versions prior to 1.2.12 Description: The issue allows unauthenticated attackers to download sensitive information, including IP addresses, usernames, and email addresses, due to the use of predictable filenames when ...
WordPress plugin UsersWP 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress UsersWP plugin <= 1.2.10 - Unauthenticated SQL Injection via 'uwp_sort_by' vulnerability
Unauthenticated SQL Injection via 'uwpsortby' vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin UsersWP versions = 1.2.10...
WordPress UsersWP Plugin <= 1.2.10 is vulnerable to SQL Injection
Software UsersWP Type Plugin Vulnerable versions = 1.2.10 Fixed in 1.2.11 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-6265 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 32b55caea5de Credits Trương Hữu Phúc truonghuuphuc Required privilege...
CVE-2024-6265
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uwpsortby’ parameter in all versions up to, and including, 1.2.10 due to insufficient escaping on the user supplied...
CVE-2024-6265 UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress <= 1.2.10 - Unauthenticated SQL Injection via 'uwp_sort_by'
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uwpsortby’ parameter in all versions up to, and including, 1.2.10 due to insufficient escaping on the user supplied...
CVE-2024-6265 UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress <= 1.2.10 - Unauthenticated SQL Injection via 'uwp_sort_by'
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uwpsortby’ parameter in all versions up to, and including, 1.2.10 due to insufficient escaping on the user supplied...
CVE-2024-6265
CVE-2024-6265 affects the WordPress plugin UsersWP (Front-end login, registration, profile, members directory). The vulnerability is a time-based SQL Injection caused by insufficient escaping of the uwp_sort_by parameter in all versions up to and including 1.2.10 , allowing unauthenticated attack...
WordPress plugin UsersWP security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2024-37495 · WordPress · Userswp
Name of the Vulnerable Software and Affected Versions: UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress versions up to, and including, 1.2.10 Description: The issue is related to time-based SQL Injection via the uwp sort by parameter due to...
UsersWP < 1.2.6 - Cross-Site Request Forgery
Description The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.4. This is due to missing or incorrect nonce validation on an unknown...
CVE-2024-31936
Cross-Site Request Forgery CSRF vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a before 1.2.6...
CVE-2024-31936
CVE-2024-31936 is a CSRF vulnerability in the WordPress plugin UsersWP by AyeCode Ltd. Affected versions are any before 1.2.6. The CVSS base metrics indicate a Medium severity (3.1 vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L; base score 5.4). The provided sources do not specify exploit details or...
CVE-2024-31936 WordPress UsersWP plugin < 1.2.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a before 1.2.6...