CVE-2024-30492

CVE-2024-30492 involves an improper restriction (Path Traversal) in the WebToffee Import Export WordPress Users plugin. Publicly stated affected version range is from a non-specified starting point up to 2.5.2. The connected documents reaffirm the path traversal characterization and the affected ...

PT-2024-23418 · WordPress · Webtoffee Import Export Wordpress Users

Name of the Vulnerable Software and Affected Versions: WebToffee Import Export WordPress Users versions through 2.5.2 Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a 'Path Traversal' vulnerability. This vulnerability affects the...

Cross site request forgery (csrf)

The WordPress Users WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2023-6390 WordPress Users <= 1.4 - Settings Update via CSRF

The WordPress Users WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

PT-2024-14950 · WordPress · Wordpress Users

Name of the Vulnerable Software and Affected Versions: WordPress Users WordPress plugin versions 1.4 and earlier Description: The issue is related to the lack of a CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...

WordPress plugin WordPress Users Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

WordPress WordPress Users Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software WordPress Users Type Plugin Vulnerable versions = 1.4 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-6390 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID bb99fc7992d2 Credits Daniel Ruf Required...

WordPress Import Export WordPress Users Plugin <= 2.4.8 is vulnerable to Arbitrary File Upload

Software Import Export WordPress Users Type Plugin Vulnerable versions = 2.4.8 Fixed in 2.4.9 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-6558 Patch priority Medium CVSS severity Medium 9.1 Developer Claim ownership PSID a7515a768629 Credits István Márton Required...

CVE-2022-3603

The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list WordPress plugin before 2.0.69 does not validate data when outputting it back in a CSV file, which could lead to CSV injection...

PT-2022-23127 · Woocommerce +1 · Export Customers List Csv For Woocommerce +2

Name of the Vulnerable Software and Affected Versions: Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list WordPress plugin versions prior to 2.0.69 Description: The issue concerns a lack of data validation when outputting data back into a CSV file,...

WordPress plugin Login using WordPress Users 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions prior to WordPress Login using WordPress Users plugin...

VulnCheck KEV: CVE-2019-9880

An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username...

WordPress Users Ultra 1.5.50 SQL Injection

Exploit Title: WordPress Users Ultra Plugin Blind SQL injection Discovery Date: 2015/10/19 Public Disclosure Date: 2015/12/01 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://usersultra.com Software Link: https://wordpress.org/plugins/users-ultra/...

WordPress Users Ultra 1.5.50 Unrestricted File Upload Vulnerability

WordPress Users Ultra plugin version 1.5.50 suffers from an unrestricted file upload vulnerability. Exploit Title: WordPress Users Ultra Plugin Unrestricted File Upload Discovery Date: 2015/10/27 Public Disclosure Date: 2015/12/01 Exploit Author: Panagiotis Vagenas Contact:...

WordPress Users Ultra 1.5.50 Unrestricted File Upload

Exploit Title: WordPress Users Ultra Plugin Unrestricted File Upload Discovery Date: 2015/10/27 Public Disclosure Date: 2015/12/01 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://usersultra.com Software Link:...

WordPress Users Ultra 1.5.15 SQL Injection

Exploit Title: CVE-2015-4109 - WordPress Users Ultra Plugin SQL injection Date: 2015/05/30 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://usersultra.com Software Link: https://wordpress.org/plugins/users-ultra/ Version: 1.5.15 Tested on: WordPre...

WordPress Users Ultra 1.3.37 SQL Injection

Title : Wordpress Users Ultra Plugin - SQL injection Vulnerability Risk : High+/Critical Author : XroGuE Google Dork : inurl: wp-content/plugins/users-ultra/ Plugin Version : 1.3.37 Plugin Name : users ultra Plugin Download Link : https://downloads.wordpress.org/plugin/users-ultra.zip Vendor Home...

CVE-2011-4669

The CVE-2011-4669 entry concerns a SQL injection in the WordPress Users plugin (wp-users.php) version 1.3 and potentially earlier. The vulnerability allows remote attackers to inject arbitrary SQL via the uid parameter to index.php, enabling unauthorized database operations. Root cause is imprope...

WordPress Plugin WP Comment Remix 1.4.3 - SQL Injection

WordPress Plugin WP Comment Remix 1.4.3 - SQL Injection Advisory: http://chxsecurity.org/advisories/adv-3-full.txt PoC Mirror: http://chxsecurity.org/proof-of-concepts/wp-comment-remix-143.zip Attention: This is a Proof-of-Concept it was never intended to be fully functional Notes: Uses cURL / //...