9 matches found
CVE-2026-4979 UsersWP <= 1.2.58 - Authenticated (Subscriber+) Server-Side Request Forgery via 'uwp_crop' Parameter
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to blind Server-Side Request Forgery in all versions up to, and including, 1.2.58. This is due to insufficient URL origin validation in the processimagecrop...
CVE-2026-4979
CVE-2026-4979 affects the UsersWP plugin for WordPress (
WordPress plugin UsersWP – Front-end login form, User Registration, User Profile & Members Directory Code Issue Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-4977
The connected document describes a vulnerability in WordPress Plugin UsersWP (versions ≤ 1.2.58) titled “Authenticated (Subscriber+) Restricted Usermeta Modification via 'htmlvar' Parameter.” The issue allows an authenticated user (Subscriber+) to modify restricted user metadata through the HTMLV...
WordPress plugin UsersWP – Front-end login form, User Registration, User Profile & Members Directory Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Booking Calendar Contact Form Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...
PT-2024-38913 · 10Web · The Slider By 10Web
Name of the Vulnerable Software and Affected Versions: The Slider by 10Web WordPress plugin version 1.2.58 and earlier. Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for...
WordPress Slider by 10Web Plugin <= 1.2.57 is vulnerable to SQL Injection
Software: Slider by 10Web; Type: Plugin; Vulnerable versions: <= 1.2.57; Fixed in: 1.2.58; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-7150; Patch priority: Low; CVSS severity: Low 8.5; PSID: 4ad1a30beb69; Credits: Arkadiusz Hydzik; Required privilege: Contributor...
CVE-2026-25679 affecting package golang for versions less than 1.2.58-1
CVE-2026-25679 affecting package golang for versions less than 1.2.58-1. A patched version of the package is available...