Lucene search
K

158 matches found

Positive Technologies
Positive Technologies
added 2024/06/29 12:0 a.m.8 views

PT-2024-37495 · WordPress · Userswp

Name of the Vulnerable Software and Affected Versions: UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress versions up to, and including, 1.2.10 Description: The issue is related to time-based SQL Injection via the uwp sort by parameter due to...

9.8CVSS8.1AI score0.024EPSS
Exploits0References7
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.15 views

UsersWP < 1.2.6 - Cross-Site Request Forgery

Description The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.4. This is due to missing or incorrect nonce validation on an unknown...

5.4CVSS6.5AI score0.00197EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/04/11 1:15 p.m.21 views

CVE-2024-31936

Cross-Site Request Forgery CSRF vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a before 1.2.6...

5.4CVSS5.5AI score0.00197EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/11 12:15 p.m.34 views

CVE-2024-31936 WordPress UsersWP plugin < 1.2.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a before 1.2.6...

5.4CVSS5.1AI score0.00197EPSS
Exploits0References1
CVE
CVE
added 2024/04/11 12:15 p.m.63 views

CVE-2024-31936

CVE-2024-31936 is a CSRF vulnerability in the WordPress plugin UsersWP by AyeCode Ltd. Affected versions are any before 1.2.6. The CVSS base metrics indicate a Medium severity (3.1 vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L; base score 5.4). The provided sources do not specify exploit details or...

5.4CVSS5.1AI score0.00197EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/11 12:0 a.m.5 views

WordPress Plugin UsersWP 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin i...

5.4CVSS6.4AI score0.00197EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/04/11 12:0 a.m.6 views

PT-2024-24300 · Userswp · Userswp

Name of the Vulnerable Software and Affected Versions: UsersWP versions prior to 1.2.6 Description: A Cross-Site Request Forgery CSRF issue affects the software. This type of issue allows an attacker to trick a user into performing unintended actions on a web application that the user is...

5.4CVSS6.9AI score0.00197EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/04/10 1:52 p.m.24 views

WordPress UsersWP plugin < 1.2.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Brandon Roldan Patchstack Alliance in WordPress Plugin UsersWP versions 1.2.6...

5.4CVSS7AI score0.00197EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/04/10 12:0 a.m.13 views

WordPress UsersWP Plugin < 1.2.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software UsersWP Type Plugin Vulnerable versions 1.2.6 Fixed in 1.2.6 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31936 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 341166f652d7 Credits Brandon Roldan Required...

5.4CVSS6.6AI score0.00197EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/04/09 7:15 p.m.16 views

CVE-2024-2423

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output...

6.4CVSS5.7AI score0.00446EPSS
Exploits0References3
OSV
OSV
added 2024/04/09 7:15 p.m.1 views

CVE-2024-2423

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output...

6.4CVSS7.4AI score0.00446EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/04/09 6:58 p.m.15 views

CVE-2024-2423 UsersWP <= 1.2.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output...

6.4CVSS7.4AI score0.00446EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/04/09 6:58 p.m.21 views

CVE-2024-2423 UsersWP <= 1.2.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output...

6.4CVSS5.8AI score0.00446EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.3 views

WordPress Plugin UsersWP 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exis...

6.4CVSS7.6AI score0.00446EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/04/09 12:0 a.m.3 views

PT-2024-20321 · WordPress · Userswp

Name of the Vulnerable Software and Affected Versions: UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress versions up to, and including, 1.2.6 Description: The issue arises from insufficient input sanitization and output escaping on...

6.4CVSS9.1AI score0.00446EPSS
Exploits0References6
WPVulnDB
WPVulnDB
added 2024/03/14 12:0 a.m.16 views

UsersWP < 1.2.7 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

Description The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.2.6 due to insufficient input sanitization...

6.4CVSS5.8AI score0.00446EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/03/14 12:0 a.m.11 views

WordPress UsersWP Plugin <= 1.2.6 is vulnerable to Cross Site Scripting (XSS)

Software UsersWP Type Plugin Vulnerable versions = 1.2.6 Fixed in 1.2.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2423 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID cb46d3529c97 Credits Krzysztof Zając Required privile...

6.4CVSS6AI score0.00446EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/01 12:0 a.m.12 views

UsersWP < 1.2.3.23 - Profile Picture Deletion via CSRF

Description The plugin does not have CSRF check when deleting profile pictures, which could allow attackers to make logged in users perform unwanted actions via a CSRF attack...

7AI score
Exploits0References1Affected Software1
OSV
OSV
added 2023/11/07 3:15 p.m.5 views

CVE-2022-47442

Improper Neutralization of Formula Elements in a CSV File vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a through 1.2.3.9...

8.8CVSS5.8AI score0.00682EPSS
Exploits0References1
NVD
NVD
added 2023/11/07 3:15 p.m.34 views

CVE-2022-47442

Improper Neutralization of Formula Elements in a CSV File vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a through 1.2.3.9...

8.8CVSS0.00682EPSS
Exploits0References1
Rows per page
Query Builder