136 matches found
WordPress User Submitted Posts Plugin < 20240516 is vulnerable to Cross Site Scripting (XSS)
Software User Submitted Posts Type Plugin Vulnerable versions 20240516 Fixed in 20240516 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5002 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b741c5e1dcda Credits Guido Iván Garc...
WordPress User Activity Log Pro Plugin <= 2.3.4 is vulnerable to Broken Access Control
Software User Activity Log Pro Type Plugin Vulnerable versions = 2.3.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37929 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID a51ba27e9212 Credits Dave Jong Patchstac...
CVE-2024-5639 User Profile Picture <= 2.6.1 - Authenticated (Author+) Insecure Direct Object Reference to Profile Picture Update
The User Profile Picture plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.1 via the 'restapichangeprofileimage' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
WordPress User Rights Access Manager Plugin <= 1.1.2 is vulnerable to Broken Access Control
Software User Rights Access Manager Type Plugin Vulnerable versions = 1.1.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37209 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 1f100e30e3b8 Credits Majed Refaea...
WordPress User Registration plugin <= 3.1.5 - Authenticated (Subscriber+) Privilege Escalation vulnerability
Authenticated Subscriber+ Privilege Escalation vulnerability discovered by Stiofan in WordPress Plugin User Registration versions = 3.1.5...
WordPress User Activity Log Pro Plugin <= 2.3.4 is vulnerable to SQL Injection
Software User Activity Log Pro Type Plugin Vulnerable versions = 2.3.4 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32137 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 2210c42a0a13 Credits Dave Jong Patchstack Required privilege...
WordPress User Activity Log Plugin <= 1.9 is vulnerable to SQL Injection
Software User Activity Log Type Plugin Vulnerable versions = 1.9 Fixed in 2.0 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-31356 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 35f222cae91f Credits Muhammad Daffa Required privilege Administrator...
WordPress User Rights Access Manager Plugin <= 1.1.4 is vulnerable to Cross Site Scripting (XSS)
Software User Rights Access Manager Type Plugin Vulnerable versions = 1.1.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-31122 Patch priority Medium CVSS severity Medium 5.8 Developer Claim ownership PSID 0673dec6d13c Credits Yudistira Arya Required...
CVE-2023-27459 WordPress User Registration plugin <= 2.3.2.1 - Authenticated PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in WPEverest User Registration.This issue affects User Registration: from n/a through 2.3.2.1...
WordPress User profile Plugin <= 2.0.20 is vulnerable to Cross Site Scripting (XSS)
Software User profile Type Plugin Vulnerable versions = 2.0.20 Fixed in 2.0.21 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29097 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 53c17e5b3988 Credits Kang SeoHee Required privilege...
WordPress plugin User Registration security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress User Registration Plugin <= 3.1.4 is vulnerable to Cross Site Scripting (XSS)
Software User Registration Type Plugin Vulnerable versions = 3.1.4 Fixed in 3.1.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1720 Patch priority Low CVSS severity Low 7.1 Developer Masteriyo PSID f3574c07a0a6 Credits stealthcopter Required...
WordPress User Shortcodes Plus Plugin <= 2.0.2 is vulnerable to Insecure Direct Object References (IDOR)
Software User Shortcodes Plus Type Plugin Vulnerable versions = 2.0.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-6969 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID cc1bdd35256f Credits Francesco...
WordPress User Feedback Plugin <= 1.0.13 is vulnerable to Cross Site Scripting (XSS)
Software User Feedback Type Plugin Vulnerable versions = 1.0.13 Fixed in 1.0.14 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0903 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID f85f155284e8 Credits Grzegorz Niedziela...
WordPress User Feedback Plugin <= 1.0.9 is vulnerable to Cross Site Scripting (XSS)
Software User Feedback Type Plugin Vulnerable versions = 1.0.9 Fixed in 1.0.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-46153 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID a28b0bbea276 Credits Dimas Maulana Required privilege...
WordPress User Location and IP Plugin <= 1.7 is vulnerable to Cross Site Scripting (XSS)
Software User Location and IP Type Plugin Vulnerable versions = 1.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-31217 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8aceab066d00 Credits deokhunKim Required...
WordPress User Avatar - Reloaded Plugin < 1.2.2 is vulnerable to Cross Site Scripting (XSS)
Software User Avatar - Reloaded Type Plugin Vulnerable versions 1.2.2 Fixed in 1.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4798 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a4fd94410ec4 Credits Dmitrii Ignatyev...
WordPress User Activity Log Pro Plugin < 2.3.4 is vulnerable to Bypass Vulnerability
Software User Activity Log Pro Type Plugin Vulnerable versions 2.3.4 Fixed in 2.3.4 OWASP Top 10 A5: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2023-5133 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 06c08325ccb9 Credits Bartlomiej Marek and...
WordPress User Submitted Posts Plugin <= 20230901 is vulnerable to Cross Site Scripting (XSS)
Software User Submitted Posts Type Plugin Vulnerable versions = 20230901 Fixed in 20230902 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-7251 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 99d2f2c1710a Credits Ngô Thiên An ancorn from...
WordPress User Private Files Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)
Software User Private Files Type Plugin Vulnerable versions = 2.0.3 Fixed in 2.0.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4636 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a3eddd47293a Credits Shuning Xu Required...