Lucene search
K

136 matches found

Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.7 views

PT-2026-35880

Name of the Vulnerable Software and Affected Versions weDevs WP User Frontend versions prior to 4.3.2 Description A missing authorization issue exists due to incorrectly configured access control security levels. Recommendations Update to a version newer than 4.3.1...

6.5CVSS5.2AI score0.00195EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/08 8:30 a.m.25 views

CVE-2026-39475 WordPress User Feedback plugin <= 1.10.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Blind SQL Injection.This issue affects User Feedback: from n/a through = 1.10.1...

7.6CVSS0.00264EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 8:30 a.m.13 views

CVE-2026-39476

Technical details for CVE-2026-39476 are not publicly provided in the supplied documents; monitor for updates from vendors and advisories.

4.3CVSS5.9AI score0.00197EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/07 6:43 a.m.27 views

CVE-2026-5465 Amelia <= 2.1.3 - Insecure Direct Object Reference to Authenticated (Employee+) Privilege Escalation via 'externalId' Parameter

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.3. This is due to the UpdateProviderCommandHandler failing to validate changes to the externalId field when a Provider Employe...

8.8CVSS0.00632EPSS
Exploits1References6
Patchstack
Patchstack
added 2026/03/24 5:17 p.m.8 views

WordPress User Registration & Membership plugin <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Content Access Rule Manipulation vulnerability

Missing Authorization to Authenticated Contributor+ Content Access Rule Manipulation vulnerability discovered by darkmode in WordPress Plugin User Registration versions = 5.1.4...

5.4CVSS5.8AI score0.00182EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/18 8:38 a.m.4 views

WordPress User Feedback plugin <= 1.10.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin User Feedback versions = 1.10.1...

5.9AI score0.00197EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/04 1:56 a.m.3 views

CVE-2026-1566

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 5.2.7. This is due to the plugin allowing users with a LatePoint Agent role, who are creating new customers to se...

8.8CVSS6AI score0.003EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/03 7:58 a.m.6 views

WordPress User Registration & Membership plugin <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration vulnerability

Unauthenticated Privilege Escalation via Membership Registration vulnerability discovered by Foxyyy in WordPress Plugin User Registration versions = 5.1.2...

9.8CVSS5.9AI score0.25532EPSS
Exploits2References1Affected Software1
EUVD
EUVD
added 2026/02/03 2:8 p.m.4 views

EUVD-2026-5248

Cross-Site Request Forgery CSRF vulnerability in wp.insider Simple Membership WP user Import simple-membership-wp-user-import allows Cross Site Request Forgery.This issue affects Simple Membership WP user Import: from n/a through = 1.9.1...

5.4CVSS5.3AI score0.00095EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.6 views

WordPress plugin Simple Membership WP user Import 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.4CVSS5.7AI score0.00095EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/07 8:21 a.m.27 views

CVE-2025-11877 User Activity Log <= 2.2 - Unauthenticated Limited Options Update via Failed Login

The User Activity Log plugin is vulnerable to a limited options update in versions up to, and including, 2.2. The failed-login handler 'ualshookwploginfailed' lacks a capability check and writes failed usernames directly into updateoption calls. This makes it possible for unauthenticated attacker...

7.5CVSS0.00335EPSS
Exploits1References2
CVE
CVE
added 2025/12/24 12:31 p.m.18 views

CVE-2025-68496

CVE-2025-68496 concerns the WordPress WordPress User Feedback plugin (Syed Balkhi) in the historic plugin “userfeedback-lite.” The issue is an SQL Injection vulnerability caused by improper neutralization of special elements in SQL commands, described as a Blind SQL Injection. Impact, as document...

7.6CVSS5.9AI score0.00475EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/12 7:43 a.m.7 views

WordPress WP User Manager plugin <= 2.9.12 - Authenticated (Subscriber+) Arbitrary File Deletion via 'current_user_avatar' Parameter vulnerability

Authenticated Subscriber+ Arbitrary File Deletion via 'currentuseravatar' Parameter vulnerability discovered by YCInfosec in WordPress Plugin WP User Manager versions = 2.9.12...

6.8CVSS6.8AI score0.00687EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/12/12 12:0 a.m.4 views

WordPress plugin WP User Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

6.8CVSS6.5AI score0.00687EPSS
Exploits0References7
Patchstack
Patchstack
added 2025/12/05 7:8 a.m.11 views

WordPress User Verification plugin <= 2.0.44 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by luckybuddy in WordPress Plugin User Verification versions = 2.0.44...

9.8CVSS5.4AI score0.0045EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/11/06 6:32 p.m.7 views

EUVD-2025-38102

Deserialization of Untrusted Data vulnerability in WP User Manager WP User Manager wp-user-manager allows Object Injection.This issue affects WP User Manager: from n/a through = 2.9.12...

6.5AI score0.00476EPSS
Exploits0References2
NVD
NVD
added 2025/11/06 4:16 p.m.5 views

CVE-2025-60245

Deserialization of Untrusted Data vulnerability in WP User Manager WP User Manager wp-user-manager allows Object Injection.This issue affects WP User Manager: from n/a through = 2.9.12...

9.8CVSS0.00476EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/06 12:0 a.m.5 views

WordPress plugin WP User Manager 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

9.8CVSS7AI score0.00476EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/06 12:0 a.m.8 views

PT-2025-45286

Deserialization of Untrusted Data vulnerability in WP User Manager WP User Manager wp-user-manager allows Object Injection.This issue affects WP User Manager: from n/a through = 2.9.12...

7AI score0.00476EPSS
Exploits0References2
CVE
CVE
added 2025/10/31 6:42 a.m.22 views

CVE-2025-7846

CVE-2025-7846 affects the WordPress plugin WordPress User Extra Fields (versions up to and including 16.7). The vulnerability is described as an arbitrary file deletion caused by insufficient validation in the save_fields() function. An attacker with Subscriber-level or higher can delete arbitrar...

8.8CVSS6.9AI score0.0064EPSS
Exploits0References2
Rows per page
Query Builder