Lucene search
K

136 matches found

Cvelist
Cvelist
added 2024/12/09 11:31 a.m.19 views

CVE-2023-29429 WordPress User Registration plugin <= 2.3.2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPEverest User Registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through 2.3.2.1...

5.3CVSS0.00402EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/09 11:29 a.m.13 views

CVE-2023-50887 WordPress User Feedback plugin <= 1.0.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Feedback: from n/a through = 1.0.10...

5.3CVSS8.6AI score0.00485EPSS
Exploits0References1
OSV
OSV
added 2024/11/23 4:15 a.m.4 views

CVE-2024-10537

The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the validateusermetakey function in all versions up to, and including, 2.9.11. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.00366EPSS
Exploits0References2
OSV
OSV
added 2024/11/23 4:15 a.m.5 views

CVE-2024-10216

The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'addsidebar' and 'removesidebar' functions in all versions up to, and including, 2.9.11. This makes it possible for authenticate...

4.3CVSS5.8AI score0.00429EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/11/23 3:25 a.m.10 views

CVE-2024-10537 WP User Manager – User Profile Builder & Membership <= 2.9.11 - Missing Authorization to Authenticated (Subscriber+) User Meta Key Enumeration

The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the validateusermetakey function in all versions up to, and including, 2.9.11. This makes it possible for authenticated attackers, with...

4.3CVSS6.5AI score0.00366EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/23 12:0 a.m.6 views

WordPress plugin WP User Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS8AI score0.00366EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/11/22 9:31 p.m.4 views

WordPress WP User Manager plugin <= 2.9.11 - Missing Authorization to Authenticated (Subscriber+) User Meta Key Enumeration vulnerability

Missing Authorization to Authenticated Subscriber+ User Meta Key Enumeration vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin WP User Manager versions = 2.9.11...

4.3CVSS7AI score0.00366EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/11/21 2:6 a.m.42 views

CVE-2024-11197 Lock User Account <= 1.0.5 - User Lock Bypass

The Lock User Account plugin for WordPress is vulnerable to user lock bypass in all versions up to, and including, 1.0.5. This is due to permitting application password logins when user accounts are locked. This makes it possible for authenticated attackers, with existing application passwords, t...

4.2CVSS0.00407EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/16 9:53 p.m.12 views

CVE-2024-52403 WordPress User Management plugin <= 1.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Saad Iqbal User Management user-management allows Upload a Web Shell to a Web Server.This issue affects User Management: from n/a through = 1.1...

9.9CVSS8.5AI score0.00478EPSS
Exploits0References1
NVD
NVD
added 2024/11/13 5:15 a.m.29 views

CVE-2024-11150

The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletetmpuploadedfile function in all versions up to, and including, 16.6. This makes it possible for unauthenticated attackers to delete arbitrary files o...

9.8CVSS0.01339EPSS
Exploits0References2
CVE
CVE
added 2024/11/13 4:29 a.m.87 views

CVE-2024-10800

CVE-2024-10800 : WordPress User Extra Fields plugin (

8.8CVSS8.7AI score0.00789EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/11/13 12:0 a.m.22 views

WordPress User Extra Fields Plugin <= 16.6 is vulnerable to Arbitrary File Deletion

Software User Extra Fields Type Plugin Vulnerable versions = 16.6 Fixed in 16.7 OWASP Top 10 A2: Broken Authentication Classification Arbitrary File Deletion CVE CVE-2024-11150 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 5b9352f46ad9 Credits Chloe Chamberland Require...

9.8CVSS6.6AI score0.01339EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/11/13 12:0 a.m.18 views

WordPress User Extra Fields Plugin <= 16.6 is vulnerable to Privilege Escalation

Software User Extra Fields Type Plugin Vulnerable versions = 16.6 Fixed in 16.7 OWASP Top 10 A5: Broken Access Control Classification Privilege Escalation CVE CVE-2024-10800 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 90d7101cbd67 Credits Tonn Required privilege...

8.8CVSS6.5AI score0.00789EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/11/09 12:0 a.m.7 views

WordPress User Extra Fields Plugin <= 16.5 is vulnerable to Arbitrary File Upload

Software User Extra Fields Type Plugin Vulnerable versions = 16.5 Fixed in 16.6 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-10801 Patch priority High CVSS severity High 10 Developer Claim ownership PSID f72c87b2aed7 Credits Tonn Required privilege Unauthenticated...

9.8CVSS6.8AI score0.00829EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/11/08 12:0 a.m.16 views

WordPress User Meta Plugin <= 3.1 is vulnerable to Sensitive Data Exposure

Software User Meta Type Plugin Vulnerable versions = 3.1 Fixed in N/A OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-9262 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 36e1a1a8053d Credits wesley wcraft Required privilege...

6.5CVSS6.5AI score0.00409EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/11/04 12:0 a.m.10 views

WordPress User Password Reset Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software User Password Reset Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51714 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 916db7652ed6 Credits SOPROBRO Required privilege...

7.1CVSS6.5AI score0.00259EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/09/10 9:30 a.m.13 views

CVE-2024-8241 Nova Blocks by Pixelgrade <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute

The Nova Blocks by Pixelgrade plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute of the 'wp:separator' Gutenberg block in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS6AI score0.00352EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/08/29 12:0 a.m.3 views

WordPress plugin WP User Frontend SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

7.6CVSS7.7AI score0.00438EPSS
Exploits0References2
OSV
OSV
added 2024/08/26 9:15 p.m.5 views

CVE-2024-43336

Cross-Site Request Forgery CSRF vulnerability in WP User Manager.This issue affects WP User Manager: from n/a through 2.9.10...

4.3CVSS5.8AI score0.00174EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/08/26 12:0 a.m.3 views

WordPress plugin WP User Manager 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

4.3CVSS6.5AI score0.00174EPSS
Exploits0References2
Rows per page
Query Builder