Lucene search
K

158 matches found

Nuclei
Nuclei
added 13 hours ago24 views

WP User <= 7.0 - Unauthenticated SQLi

The WP User WordPress plugin through 7.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. id: CVE-2022-4049 info: name: WP User = 7.0 - Unauthenticated SQLi author: theamanrawat severity: critica...

9.8CVSS7.3AI score0.04756EPSS
Exploits2References4
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-57334 WordPress WP User Frontend plugin <= 4.3.7 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in WP User Frontend = 4.3.7 versions...

6.5CVSS0.00196EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:19 p.m.27 views

CVE-2026-49766 WordPress WP User Manager plugin <= 2.9.16 - Arbitrary File Deletion vulnerability

Subscriber Arbitrary File Deletion in WP User Manager = 2.9.16 versions...

9.9CVSS0.00506EPSS
Exploits0References1
NVD
NVD
added 2026/06/06 12:16 a.m.16 views

CVE-2026-9290

The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via the profile template scope function. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files...

7.5CVSS0.02403EPSS
Exploits0References13
Cvelist
Cvelist
added 2026/06/05 11:28 p.m.70 views

CVE-2026-9290 WP User Manager <= 2.9.17 - Unauthenticated Path Traversal to Local File Inclusion via 'tab' Query Parameter

The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via the profile template scope function. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files...

7.5CVSS0.02403EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.7 views

CVE-2026-42412

Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through 4.3.1...

6.5CVSS5.4AI score0.00195EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/05 9:37 a.m.9 views

WordPress WP User Manager plugin <= 2.9.16 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by endy in WordPress Plugin WP User Manager versions = 2.9.16...

9.9CVSS5.5AI score0.00506EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/05/29 4:17 a.m.13 views

CVE-2026-8995

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 6.3.7. This is due to insufficient access controls on the 'ayspollgetuserinformation' AJAX action, which serializes and returns the...

4.3CVSS0.00283EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/05/29 2:27 a.m.39 views

CVE-2026-8995 Poll Maker by AYS <= 6.3.7 - Authenticated (Subscriber+) Sensitive Information Exposure in 'ays_poll_get_user_information' AJAX Action

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 6.3.7. This is due to insufficient access controls on the 'ayspollgetuserinformation' AJAX action, which serializes and returns the...

4.3CVSS0.00283EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/04/29 7:51 a.m.11 views

CVE-2026-42412

Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through 4.3.1...

6.5CVSS5.1AI score0.00195EPSS
Exploits0References2
CVE
CVE
added 2026/04/29 7:51 a.m.9 views

CVE-2026-42412

CVE-2026-42412 affects the WordPress plugin WP User Frontend up to version 4.3.1. The vulnerability is described as a Missing Authorization vulnerability caused by incorrectly configured access control levels (Broken Access Control). CVSS 3.1 base score is 6.5 (Network vector, Low attack complexi...

6.5CVSS5.2AI score0.00195EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 5:1 p.m.4 views

CVE-2026-24364

Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through = 4.2.5...

6.5CVSS5.8AI score0.00311EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 6:31 p.m.3 views

EUVD-2026-15561

Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through = 4.2.5...

5.8AI score0.00311EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.24 views

CVE-2026-32485 WordPress WP User Frontend plugin <= 4.2.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through = 4.2.8...

7.5CVSS0.00262EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.1 views

CVE-2026-32485 WordPress WP User Frontend plugin <= 4.2.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through = 4.2.8...

7.5CVSS5.8AI score0.00262EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:14 p.m.7 views

CVE-2026-24364

CVE-2026-24364 is a Missing Authorization vulnerability in the WordPress plugin WP User Frontend (weDevs) affecting versions up to and including 4.2.5. The issue, identified by a researcher (daroo), arises from incorrectly configured access control security levels. Public advisories from Red Hat,...

6.5CVSS5.8AI score0.00311EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/23 1:3 p.m.6 views

WordPress WP User Frontend plugin <= 4.2.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin WP User Frontend versions = 4.2.8...

7.5CVSS5.8AI score0.00262EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 9:27 a.m.15 views

CVE-2023-45002

Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through 3.6.8...

4.3CVSS8AI score0.00301EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/03 2:22 a.m.10 views

CVE-2025-14047

The Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission – WP User Frontend plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'FrontendFormAjax::submitpost' function in all versions up to,...

5.3CVSS5.3AI score0.00245EPSS
Exploits0References1
NVD
NVD
added 2025/12/12 4:15 a.m.3 views

CVE-2025-13320

The WP User Manager plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 2.9.12. This is due to insufficient validation of user-supplied file paths in the profile update functionality combined with improper handling of array inputs by PHP's filterinp...

6.8CVSS0.00687EPSS
Exploits0References8
Rows per page
Query Builder