158 matches found
WP User <= 7.0 - Unauthenticated SQLi
The WP User WordPress plugin through 7.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. id: CVE-2022-4049 info: name: WP User = 7.0 - Unauthenticated SQLi author: theamanrawat severity: critica...
CVE-2026-57334 WordPress WP User Frontend plugin <= 4.3.7 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in WP User Frontend = 4.3.7 versions...
CVE-2026-49766 WordPress WP User Manager plugin <= 2.9.16 - Arbitrary File Deletion vulnerability
Subscriber Arbitrary File Deletion in WP User Manager = 2.9.16 versions...
CVE-2026-9290
The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via the profile template scope function. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files...
CVE-2026-9290 WP User Manager <= 2.9.17 - Unauthenticated Path Traversal to Local File Inclusion via 'tab' Query Parameter
The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via the profile template scope function. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files...
CVE-2026-42412
Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through 4.3.1...
WordPress WP User Manager plugin <= 2.9.16 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by endy in WordPress Plugin WP User Manager versions = 2.9.16...
CVE-2026-8995
The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 6.3.7. This is due to insufficient access controls on the 'ayspollgetuserinformation' AJAX action, which serializes and returns the...
CVE-2026-8995 Poll Maker by AYS <= 6.3.7 - Authenticated (Subscriber+) Sensitive Information Exposure in 'ays_poll_get_user_information' AJAX Action
The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 6.3.7. This is due to insufficient access controls on the 'ayspollgetuserinformation' AJAX action, which serializes and returns the...
CVE-2026-42412
Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through 4.3.1...
CVE-2026-42412
CVE-2026-42412 affects the WordPress plugin WP User Frontend up to version 4.3.1. The vulnerability is described as a Missing Authorization vulnerability caused by incorrectly configured access control levels (Broken Access Control). CVSS 3.1 base score is 6.5 (Network vector, Low attack complexi...
CVE-2026-24364
Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through = 4.2.5...
EUVD-2026-15561
Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through = 4.2.5...
CVE-2026-32485 WordPress WP User Frontend plugin <= 4.2.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through = 4.2.8...
CVE-2026-32485 WordPress WP User Frontend plugin <= 4.2.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through = 4.2.8...
CVE-2026-24364
CVE-2026-24364 is a Missing Authorization vulnerability in the WordPress plugin WP User Frontend (weDevs) affecting versions up to and including 4.2.5. The issue, identified by a researcher (daroo), arises from incorrectly configured access control security levels. Public advisories from Red Hat,...
WordPress WP User Frontend plugin <= 4.2.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin WP User Frontend versions = 4.2.8...
CVE-2023-45002
Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through 3.6.8...
CVE-2025-14047
The Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission – WP User Frontend plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'FrontendFormAjax::submitpost' function in all versions up to,...
CVE-2025-13320
The WP User Manager plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 2.9.12. This is due to insufficient validation of user-supplied file paths in the profile update functionality combined with improper handling of array inputs by PHP's filterinp...