158 matches found
PT-2024-37495 · WordPress · Userswp
Name of the Vulnerable Software and Affected Versions: UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress versions up to, and including, 1.2.10 Description: The issue is related to time-based SQL Injection via the uwp sort by parameter due to...
UsersWP < 1.2.6 - Cross-Site Request Forgery
Description The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.4. This is due to missing or incorrect nonce validation on an unknown...
CVE-2024-31936
Cross-Site Request Forgery CSRF vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a before 1.2.6...
CVE-2024-31936 WordPress UsersWP plugin < 1.2.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a before 1.2.6...
CVE-2024-31936
CVE-2024-31936 is a CSRF vulnerability in the WordPress plugin UsersWP by AyeCode Ltd. Affected versions are any before 1.2.6. The CVSS base metrics indicate a Medium severity (3.1 vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L; base score 5.4). The provided sources do not specify exploit details or...
WordPress Plugin UsersWP 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin i...
PT-2024-24300 · Userswp · Userswp
Name of the Vulnerable Software and Affected Versions: UsersWP versions prior to 1.2.6 Description: A Cross-Site Request Forgery CSRF issue affects the software. This type of issue allows an attacker to trick a user into performing unintended actions on a web application that the user is...
WordPress UsersWP plugin < 1.2.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Brandon Roldan Patchstack Alliance in WordPress Plugin UsersWP versions 1.2.6...
WordPress UsersWP Plugin < 1.2.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software UsersWP Type Plugin Vulnerable versions 1.2.6 Fixed in 1.2.6 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31936 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 341166f652d7 Credits Brandon Roldan Required...
CVE-2024-2423
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output...
CVE-2024-2423
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output...
CVE-2024-2423 UsersWP <= 1.2.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output...
CVE-2024-2423 UsersWP <= 1.2.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output...
WordPress Plugin UsersWP 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exis...
PT-2024-20321 · WordPress · Userswp
Name of the Vulnerable Software and Affected Versions: UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress versions up to, and including, 1.2.6 Description: The issue arises from insufficient input sanitization and output escaping on...
UsersWP < 1.2.7 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
Description The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.2.6 due to insufficient input sanitization...
WordPress UsersWP Plugin <= 1.2.6 is vulnerable to Cross Site Scripting (XSS)
Software UsersWP Type Plugin Vulnerable versions = 1.2.6 Fixed in 1.2.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2423 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID cb46d3529c97 Credits Krzysztof Zając Required privile...
UsersWP < 1.2.3.23 - Profile Picture Deletion via CSRF
Description The plugin does not have CSRF check when deleting profile pictures, which could allow attackers to make logged in users perform unwanted actions via a CSRF attack...
CVE-2022-47442
Improper Neutralization of Formula Elements in a CSV File vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a through 1.2.3.9...
CVE-2022-47442
Improper Neutralization of Formula Elements in a CSV File vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a through 1.2.3.9...