136 matches found
PT-2026-35880
Name of the Vulnerable Software and Affected Versions weDevs WP User Frontend versions prior to 4.3.2 Description A missing authorization issue exists due to incorrectly configured access control security levels. Recommendations Update to a version newer than 4.3.1...
CVE-2026-39475 WordPress User Feedback plugin <= 1.10.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Blind SQL Injection.This issue affects User Feedback: from n/a through = 1.10.1...
CVE-2026-39476
Technical details for CVE-2026-39476 are not publicly provided in the supplied documents; monitor for updates from vendors and advisories.
CVE-2026-5465 Amelia <= 2.1.3 - Insecure Direct Object Reference to Authenticated (Employee+) Privilege Escalation via 'externalId' Parameter
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.3. This is due to the UpdateProviderCommandHandler failing to validate changes to the externalId field when a Provider Employe...
WordPress User Registration & Membership plugin <= 5.1.4 - Missing Authorization to Authenticated (Contributor+) Content Access Rule Manipulation vulnerability
Missing Authorization to Authenticated Contributor+ Content Access Rule Manipulation vulnerability discovered by darkmode in WordPress Plugin User Registration versions = 5.1.4...
WordPress User Feedback plugin <= 1.10.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin User Feedback versions = 1.10.1...
CVE-2026-1566
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 5.2.7. This is due to the plugin allowing users with a LatePoint Agent role, who are creating new customers to se...
WordPress User Registration & Membership plugin <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration vulnerability
Unauthenticated Privilege Escalation via Membership Registration vulnerability discovered by Foxyyy in WordPress Plugin User Registration versions = 5.1.2...
EUVD-2026-5248
Cross-Site Request Forgery CSRF vulnerability in wp.insider Simple Membership WP user Import simple-membership-wp-user-import allows Cross Site Request Forgery.This issue affects Simple Membership WP user Import: from n/a through = 1.9.1...
WordPress plugin Simple Membership WP user Import 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
CVE-2025-11877 User Activity Log <= 2.2 - Unauthenticated Limited Options Update via Failed Login
The User Activity Log plugin is vulnerable to a limited options update in versions up to, and including, 2.2. The failed-login handler 'ualshookwploginfailed' lacks a capability check and writes failed usernames directly into updateoption calls. This makes it possible for unauthenticated attacker...
CVE-2025-68496
CVE-2025-68496 concerns the WordPress WordPress User Feedback plugin (Syed Balkhi) in the historic plugin “userfeedback-lite.” The issue is an SQL Injection vulnerability caused by improper neutralization of special elements in SQL commands, described as a Blind SQL Injection. Impact, as document...
WordPress WP User Manager plugin <= 2.9.12 - Authenticated (Subscriber+) Arbitrary File Deletion via 'current_user_avatar' Parameter vulnerability
Authenticated Subscriber+ Arbitrary File Deletion via 'currentuseravatar' Parameter vulnerability discovered by YCInfosec in WordPress Plugin WP User Manager versions = 2.9.12...
WordPress plugin WP User Manager 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
WordPress User Verification plugin <= 2.0.44 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by luckybuddy in WordPress Plugin User Verification versions = 2.0.44...
EUVD-2025-38102
Deserialization of Untrusted Data vulnerability in WP User Manager WP User Manager wp-user-manager allows Object Injection.This issue affects WP User Manager: from n/a through = 2.9.12...
CVE-2025-60245
Deserialization of Untrusted Data vulnerability in WP User Manager WP User Manager wp-user-manager allows Object Injection.This issue affects WP User Manager: from n/a through = 2.9.12...
WordPress plugin WP User Manager 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...
PT-2025-45286
Deserialization of Untrusted Data vulnerability in WP User Manager WP User Manager wp-user-manager allows Object Injection.This issue affects WP User Manager: from n/a through = 2.9.12...
CVE-2025-7846
CVE-2025-7846 affects the WordPress plugin WordPress User Extra Fields (versions up to and including 16.7). The vulnerability is described as an arbitrary file deletion caused by insufficient validation in the save_fields() function. An attacker with Subscriber-level or higher can delete arbitrar...