CVE-2026-6506

The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.1.2. This is due to the infusedwoogdprupddata function missing authorization and capability checks, as well as lacking restrictions on which user meta keys can be updated. This...

WordPress User Meta plugin <= 3.1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by stealthcopter in WordPress Plugin User Meta versions = 3.1.2...

WordPress User Meta Plugin <= 3.1 is vulnerable to Sensitive Data Exposure

Software User Meta Type Plugin Vulnerable versions = 3.1 Fixed in N/A OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-9262 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 36e1a1a8053d Credits wesley wcraft Required privilege...

WordPress User Meta Manager Plugin <= 3.4.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software User Meta Manager Type Plugin Vulnerable versions = 3.4.9 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-23712 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 0599179bc907 Credits thiennv Required...

WordPress User Meta Manager Plugin <= 3.5.0 is vulnerable to Cross Site Scripting (XSS)

Software User Meta Manager Type Plugin Vulnerable versions = 3.5.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-22718 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d307e7329c6e Credits minhtuanact...

WordPress User Meta Manager 3.4.6 Privilege Escalation

Exploit Title: WordPress User Meta Manager Plugin Privilege Escalation Discovery Date: 2015/12/28 Public Disclosure Date: 2016/02/04 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://jasonlau.biz/home/ Software Link:...