136 matches found
CVE-2023-29429 WordPress User Registration plugin <= 2.3.2.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in WPEverest User Registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through 2.3.2.1...
CVE-2023-50887 WordPress User Feedback plugin <= 1.0.10 - Broken Access Control vulnerability
Missing Authorization vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Feedback: from n/a through = 1.0.10...
CVE-2024-10537
The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the validateusermetakey function in all versions up to, and including, 2.9.11. This makes it possible for authenticated attackers, with...
CVE-2024-10216
The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'addsidebar' and 'removesidebar' functions in all versions up to, and including, 2.9.11. This makes it possible for authenticate...
CVE-2024-10537 WP User Manager – User Profile Builder & Membership <= 2.9.11 - Missing Authorization to Authenticated (Subscriber+) User Meta Key Enumeration
The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the validateusermetakey function in all versions up to, and including, 2.9.11. This makes it possible for authenticated attackers, with...
WordPress plugin WP User Manager 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress WP User Manager plugin <= 2.9.11 - Missing Authorization to Authenticated (Subscriber+) User Meta Key Enumeration vulnerability
Missing Authorization to Authenticated Subscriber+ User Meta Key Enumeration vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin WP User Manager versions = 2.9.11...
CVE-2024-11197 Lock User Account <= 1.0.5 - User Lock Bypass
The Lock User Account plugin for WordPress is vulnerable to user lock bypass in all versions up to, and including, 1.0.5. This is due to permitting application password logins when user accounts are locked. This makes it possible for authenticated attackers, with existing application passwords, t...
CVE-2024-52403 WordPress User Management plugin <= 1.1 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Saad Iqbal User Management user-management allows Upload a Web Shell to a Web Server.This issue affects User Management: from n/a through = 1.1...
CVE-2024-11150
The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletetmpuploadedfile function in all versions up to, and including, 16.6. This makes it possible for unauthenticated attackers to delete arbitrary files o...
CVE-2024-10800
CVE-2024-10800 : WordPress User Extra Fields plugin (
WordPress User Extra Fields Plugin <= 16.6 is vulnerable to Arbitrary File Deletion
Software User Extra Fields Type Plugin Vulnerable versions = 16.6 Fixed in 16.7 OWASP Top 10 A2: Broken Authentication Classification Arbitrary File Deletion CVE CVE-2024-11150 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 5b9352f46ad9 Credits Chloe Chamberland Require...
WordPress User Extra Fields Plugin <= 16.6 is vulnerable to Privilege Escalation
Software User Extra Fields Type Plugin Vulnerable versions = 16.6 Fixed in 16.7 OWASP Top 10 A5: Broken Access Control Classification Privilege Escalation CVE CVE-2024-10800 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 90d7101cbd67 Credits Tonn Required privilege...
WordPress User Extra Fields Plugin <= 16.5 is vulnerable to Arbitrary File Upload
Software User Extra Fields Type Plugin Vulnerable versions = 16.5 Fixed in 16.6 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-10801 Patch priority High CVSS severity High 10 Developer Claim ownership PSID f72c87b2aed7 Credits Tonn Required privilege Unauthenticated...
WordPress User Meta Plugin <= 3.1 is vulnerable to Sensitive Data Exposure
Software User Meta Type Plugin Vulnerable versions = 3.1 Fixed in N/A OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-9262 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 36e1a1a8053d Credits wesley wcraft Required privilege...
WordPress User Password Reset Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software User Password Reset Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51714 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 916db7652ed6 Credits SOPROBRO Required privilege...
CVE-2024-8241 Nova Blocks by Pixelgrade <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute
The Nova Blocks by Pixelgrade plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute of the 'wp:separator' Gutenberg block in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This...
WordPress plugin WP User Frontend SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...
CVE-2024-43336
Cross-Site Request Forgery CSRF vulnerability in WP User Manager.This issue affects WP User Manager: from n/a through 2.9.10...
WordPress plugin WP User Manager 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...