Lucene search
K

158 matches found

NVD
NVD
added 2025/06/20 3:15 p.m.10 views

CVE-2025-49980

Missing Authorization vulnerability in WP Event Manager WP User Profile Avatar wp-user-profile-avatar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Profile Avatar: from n/a through = 1.0.6...

4.3CVSS0.00236EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/20 3:4 p.m.4 views

CVE-2025-49980 WordPress WP User Profile Avatar plugin <= 1.0.6 - Broken Access Control Vulnerability

Missing Authorization vulnerability in WP Event Manager WP User Profile Avatar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Profile Avatar: from n/a through 1.0.6...

4.3CVSS4.6AI score0.00236EPSS
Exploits0References1
CVE
CVE
added 2025/06/20 3:4 p.m.20 views

CVE-2025-49980

CVE-2025-49980 concerns the WordPress plugin WP User Profile Avatar (affected: versions up to 1.0.6) and is a Missing Authorization / broken access control vulnerability. The CVE describes an exposure where access control is misconfigured, enabling exploitation via unauthorized actions. Public so...

4.3CVSS5.9AI score0.00236EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/20 3:4 p.m.17 views

CVE-2025-49980 WordPress WP User Profile Avatar plugin <= 1.0.6 - Broken Access Control Vulnerability

Missing Authorization vulnerability in WP Event Manager WP User Profile Avatar wp-user-profile-avatar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Profile Avatar: from n/a through = 1.0.6...

4.3CVSS0.00236EPSS
Exploits0References1
NVD
NVD
added 2025/06/05 6:15 a.m.15 views

CVE-2025-3055

The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteavatarajax function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

8.1CVSS0.00703EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/05 5:23 a.m.11 views

CVE-2025-3054 WP User Frontend Pro <= 4.1.3 - Authenticated (Subscriber+) Arbitrary File Upload

The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadfiles function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload...

8.8CVSS8.9AI score0.00797EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/06/05 5:23 a.m.20 views

CVE-2025-3055 WP User Frontend Pro <= 4.1.3 - Authenticated (Subscriber+) Arbitrary File Deletion

The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteavatarajax function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

8.1CVSS0.00703EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/05 5:23 a.m.35 views

CVE-2025-3054 WP User Frontend Pro <= 4.1.3 - Authenticated (Subscriber+) Arbitrary File Upload

The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadfiles function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload...

8.8CVSS0.00797EPSS
Exploits1References2
CVE
CVE
added 2025/06/05 5:23 a.m.73 views

CVE-2025-3054

The CVE-2025-3054 entry affects the WP User Frontend Pro plugin for WordPress, with versions up to 4.1.3. The vulnerability is an arbitrary file upload due to missing file type validation in upload_files(), impacting authenticated users at Subscriber level and above, under conditions where the Pr...

8.8CVSS8.9AI score0.00797EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/06/05 12:0 a.m.4 views

PT-2025-23895 · WordPress · Wp User Frontend Pro

Name of the Vulnerable Software and Affected Versions: WP User Frontend Pro plugin for WordPress versions up to, and including, 4.1.3 Description: The issue is related to insufficient file path validation in the delete avatar ajax function, allowing authenticated attackers with Subscriber-level...

8.1CVSS8.2AI score0.00703EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/05/23 8:18 a.m.8 views

CVE-2024-10216

The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'addsidebar' and 'removesidebar' functions in all versions up to, and including, 2.9.11. This makes it possible for authenticate...

4.3CVSS6.5AI score0.00429EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:57 a.m.15 views

CVE-2024-43336

Cross-Site Request Forgery CSRF vulnerability in WP User Manager WP User Manager wp-user-manager.This issue affects WP User Manager: from n/a through = 2.9.10...

4.3CVSS5.9AI score0.00174EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:12 a.m.7 views

CVE-2023-47682

Improper Privilege Management vulnerability in weDevs WP User Frontend allows Privilege Escalation.This issue affects WP User Frontend: from n/a through 3.6.5...

7.2CVSS6.9AI score0.00635EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 1:48 a.m.20 views

CVE-2023-2546

The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.2. This is due to incorrect authentication checking in the 'wpusallowusertoadminbarmenu' function with the 'wpuswhoswitch' cookie value. This makes it possible for authenticated...

8.8CVSS6.8AI score0.01357EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:16 a.m.9 views

CVE-2022-4519

The WP User plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

5.5CVSS5.8AI score0.00552EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:4 p.m.8 views

CVE-2021-24649

The WP User Frontend WordPress plugin before 3.5.29 uses a user supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wpufencryption. This could allow an attacker having access to the AUTHKEY and AUTHSALT constant via...

9.8CVSS6.9AI score0.00646EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:25 p.m.7 views

CVE-2021-25034

The WP User WordPress plugin before 7.0 does not sanitise and escape some parameters in pages where the wpuser shortcode is used, leading to Reflected Cross-Site Scripting issues...

6.1CVSS6.1AI score0.00788EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/04/12 8:43 a.m.21 views

CVE-2025-31524

Incorrect Privilege Assignment vulnerability in John James Jacoby WP User Profiles wp-users-profiles allows Privilege Escalation.This issue affects WP User Profiles: from n/a through = 2.6.2...

8.8CVSS7.2AI score0.00343EPSS
Exploits0References1
NVD
NVD
added 2025/04/10 8:15 a.m.19 views

CVE-2025-31524

Incorrect Privilege Assignment vulnerability in John James Jacoby WP User Profiles wp-users-profiles allows Privilege Escalation.This issue affects WP User Profiles: from n/a through = 2.6.2...

8.8CVSS0.00343EPSS
Exploits0References1
CVE
CVE
added 2025/04/10 8:9 a.m.64 views

CVE-2025-31524

CVE-2025-31524 – WP User Profiles privilege escalation : Affected WP User Profiles (

8.8CVSS7.2AI score0.00343EPSS
Exploits0References1
Rows per page
Query Builder