153 matches found
CVE-2026-4977
The Connected document describes a vulnerability in WordPress Plugin UsersWP (versions ≤ 1.2.58) titled “Authenticated (Subscriber+) Restricted Usermeta Modification via 'htmlvar' Parameter.” The issue allows an authenticated user (Subscriber+) to modify restricted user metadata through the HTMLV...
CVE-2026-4977 UsersWP <= 1.2.58 - Authenticated (Subscriber+) Restricted Usermeta Modification via 'htmlvar' Parameter
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress is vulnerable to Improper Access Control in all versions up to, and including, 1.2.58 This is due to insufficient field-level permission validation in the uploadfileremove AJAX handler whe...
WordPress UsersWP plugin <= 1.2.58 - Authenticated (Subscriber+) Restricted Usermeta Modification via 'htmlvar' Parameter vulnerability
Authenticated Subscriber+ Restricted Usermeta Modification via 'htmlvar' Parameter vulnerability discovered by nquangit - Techlab Corporation in WordPress Plugin UsersWP versions = 1.2.58...
WordPress plugin UsersWP – Front-end login form, User Registration, User Profile & Members Directory 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
EUVD-2026-20846
The UsersWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.2.60. This is due to insufficient input sanitization of user-supplied URL fields and improper output escaping when rendering user profile data in badge widgets. This makes it possible f...
CVE-2026-5742
The UsersWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.2.60. This is due to insufficient input sanitization of user-supplied URL fields and improper output escaping when rendering user profile data in badge widgets. This makes it possible f...
CVE-2026-5742
The UsersWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.2.60. This is due to insufficient input sanitization of user-supplied URL fields and improper output escaping when rendering user profile data in badge widgets. This makes it possible f...
CVE-2026-5742
The CVE-2026-5742 entry concerns the WordPress UsersWP plugin (versions up to 1.2.60). The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by insufficient input sanitization of user-supplied URL fields and improper output escaping when rendering user profile data in badge widgets...
CVE-2026-5742 UsersWP <= 1.2.60 - Authenticated (Subscriber+) Stored Cross-Site Scripting via User Badge Link Substitution
The UsersWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.2.60. This is due to insufficient input sanitization of user-supplied URL fields and improper output escaping when rendering user profile data in badge widgets. This makes it possible f...
WordPress plugin UsersWP 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-31579
Name of the Vulnerable Software and Affected Versions UsersWP plugin for WordPress versions up to and including 1.2.60 Description The UsersWP plugin for WordPress is susceptible to Stored Cross-Site Scripting. Insufficient input sanitization of user-supplied URL fields and improper output escapi...
UsersWP <= 1.2.10 - Unauthenticated SQL Injection
UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress contains a time-based SQL Injection caused by insufficient escaping of the 'uwpsortby' parameter in all versions up to 1.2.10, letting unauthenticated attackers execute arbitrary SQL queries,...
CVE-2026-25015
Cross-Site Request Forgery CSRF vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery.This issue affects UsersWP: from n/a through = 1.2.53...
CVE-2026-25015
Cross-Site Request Forgery CSRF vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery.This issue affects UsersWP: from n/a through = 1.2.53...
EUVD-2026-5257
Cross-Site Request Forgery CSRF vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery.This issue affects UsersWP: from n/a through = 1.2.53...
CVE-2026-25015 WordPress UsersWP plugin <= 1.2.53 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery.This issue affects UsersWP: from n/a through = 1.2.53...
CVE-2026-25015
Cross-Site Request Forgery CSRF vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery.This issue affects UsersWP: from n/a through = 1.2.53...
CVE-2026-25015
CVE-2026-25015 is a CSRF vulnerability affecting the WordPress plugin UsersWP (Versions up to and including 1.2.53). The issue is a Cross-Site Request Forgery flaw that could allow an attacker to perform actions on behalf of an authenticated user without their consent. The vulnerability is docume...
CVE-2026-25015 WordPress UsersWP plugin <= 1.2.53 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery.This issue affects UsersWP: from n/a through = 1.2.53...
WordPress plugin UsersWP 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...