Lucene search
K

153 matches found

CVE
CVE
added 2026/04/10 1:25 a.m.9 views

CVE-2026-4977

The Connected document describes a vulnerability in WordPress Plugin UsersWP (versions ≤ 1.2.58) titled “Authenticated (Subscriber+) Restricted Usermeta Modification via 'htmlvar' Parameter.” The issue allows an authenticated user (Subscriber+) to modify restricted user metadata through the HTMLV...

4.3CVSS5.9AI score0.00297EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/04/10 1:25 a.m.4 views

CVE-2026-4977 UsersWP <= 1.2.58 - Authenticated (Subscriber+) Restricted Usermeta Modification via 'htmlvar' Parameter

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress is vulnerable to Improper Access Control in all versions up to, and including, 1.2.58 This is due to insufficient field-level permission validation in the uploadfileremove AJAX handler whe...

4.3CVSS5.8AI score0.00297EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/04/10 12:10 a.m.7 views

WordPress UsersWP plugin <= 1.2.58 - Authenticated (Subscriber+) Restricted Usermeta Modification via 'htmlvar' Parameter vulnerability

Authenticated Subscriber+ Restricted Usermeta Modification via 'htmlvar' Parameter vulnerability discovered by nquangit - Techlab Corporation in WordPress Plugin UsersWP versions = 1.2.58...

4.3CVSS5.9AI score0.00297EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.7 views

WordPress plugin UsersWP – Front-end login form, User Registration, User Profile & Members Directory 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00297EPSS
Exploits0References8
EUVD
EUVD
added 2026/04/09 6:30 a.m.5 views

EUVD-2026-20846

The UsersWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.2.60. This is due to insufficient input sanitization of user-supplied URL fields and improper output escaping when rendering user profile data in badge widgets. This makes it possible f...

6.4CVSS6.1AI score0.00234EPSS
Exploits0References11
NVD
NVD
added 2026/04/09 5:16 a.m.6 views

CVE-2026-5742

The UsersWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.2.60. This is due to insufficient input sanitization of user-supplied URL fields and improper output escaping when rendering user profile data in badge widgets. This makes it possible f...

6.4CVSS0.00234EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/04/09 3:25 a.m.1 views

CVE-2026-5742

The UsersWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.2.60. This is due to insufficient input sanitization of user-supplied URL fields and improper output escaping when rendering user profile data in badge widgets. This makes it possible f...

6.4CVSS6.1AI score0.00234EPSS
Exploits0References11
CVE
CVE
added 2026/04/09 3:25 a.m.18 views

CVE-2026-5742

The CVE-2026-5742 entry concerns the WordPress UsersWP plugin (versions up to 1.2.60). The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by insufficient input sanitization of user-supplied URL fields and improper output escaping when rendering user profile data in badge widgets...

6.4CVSS6.1AI score0.00234EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/04/09 3:25 a.m.33 views

CVE-2026-5742 UsersWP <= 1.2.60 - Authenticated (Subscriber+) Stored Cross-Site Scripting via User Badge Link Substitution

The UsersWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.2.60. This is due to insufficient input sanitization of user-supplied URL fields and improper output escaping when rendering user profile data in badge widgets. This makes it possible f...

6.4CVSS0.00234EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.6 views

WordPress plugin UsersWP 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.8AI score0.00234EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.3 views

PT-2026-31579

Name of the Vulnerable Software and Affected Versions UsersWP plugin for WordPress versions up to and including 1.2.60 Description The UsersWP plugin for WordPress is susceptible to Stored Cross-Site Scripting. Insufficient input sanitization of user-supplied URL fields and improper output escapi...

6.4CVSS5.9AI score0.00234EPSS
Exploits0References13
Nuclei
Nuclei
added 2026/04/03 7:34 a.m.31 views

UsersWP <= 1.2.10 - Unauthenticated SQL Injection

UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress contains a time-based SQL Injection caused by insufficient escaping of the 'uwpsortby' parameter in all versions up to 1.2.10, letting unauthenticated attackers execute arbitrary SQL queries,...

9.8CVSS6.1AI score0.024EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/04 7:28 p.m.4 views

CVE-2026-25015

Cross-Site Request Forgery CSRF vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery.This issue affects UsersWP: from n/a through = 1.2.53...

4.3CVSS5.3AI score0.00124EPSS
Exploits0References1
NVD
NVD
added 2026/02/03 3:16 p.m.8 views

CVE-2026-25015

Cross-Site Request Forgery CSRF vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery.This issue affects UsersWP: from n/a through = 1.2.53...

4.3CVSS0.00124EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/03 2:8 p.m.4 views

EUVD-2026-5257

Cross-Site Request Forgery CSRF vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery.This issue affects UsersWP: from n/a through = 1.2.53...

4.3CVSS5.3AI score0.00124EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/03 2:8 p.m.27 views

CVE-2026-25015 WordPress UsersWP plugin <= 1.2.53 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery.This issue affects UsersWP: from n/a through = 1.2.53...

4.3CVSS0.00124EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 2:8 p.m.3 views

CVE-2026-25015

Cross-Site Request Forgery CSRF vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery.This issue affects UsersWP: from n/a through = 1.2.53...

5.3AI score0.00124EPSS
Exploits0References2
CVE
CVE
added 2026/02/03 2:8 p.m.14 views

CVE-2026-25015

CVE-2026-25015 is a CSRF vulnerability affecting the WordPress plugin UsersWP (Versions up to and including 1.2.53). The issue is a Cross-Site Request Forgery flaw that could allow an attacker to perform actions on behalf of an authenticated user without their consent. The vulnerability is docume...

4.3CVSS5.3AI score0.00124EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/03 2:8 p.m.2 views

CVE-2026-25015 WordPress UsersWP plugin <= 1.2.53 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery.This issue affects UsersWP: from n/a through = 1.2.53...

4.3CVSS5.3AI score0.00124EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.8 views

WordPress plugin UsersWP 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

4.3CVSS5.7AI score0.00124EPSS
Exploits0References1
Rows per page
Query Builder