Lucene search
K

158 matches found

Cvelist
Cvelist
added 2025/04/10 8:9 a.m.28 views

CVE-2025-31524 WordPress WP User Profiles plugin <= 2.6.2 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in John James Jacoby WP User Profiles wp-users-profiles allows Privilege Escalation.This issue affects WP User Profiles: from n/a through = 2.6.2...

8.8CVSS0.00343EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 8:59 a.m.16 views

CVE-2024-38693

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs WP User Frontend allows SQL Injection.This issue affects WP User Frontend: from n/a through 4.0.7...

7.6CVSS7.7AI score0.00438EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 12:48 a.m.7 views

CVE-2024-37560

Improper Privilege Management vulnerability in IqbalRony WP User Switch allows Privilege Escalation.This issue affects WP User Switch: from n/a through 1.1.0...

8CVSS5.1AI score0.00366EPSS
Exploits0References1
NVD
NVD
added 2025/01/16 4:15 a.m.8 views

CVE-2024-10789

The WP User Profile Avatar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the wpupauseradmin function. This makes it possible for unauthenticated attackers to update the plugins...

4.3CVSS0.00166EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/16 3:27 a.m.6 views

CVE-2024-10789 WP User Profile Avatar <= 1.0.5 - Cross-Site Request Forgery to Settings Update

The WP User Profile Avatar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the wpupauseradmin function. This makes it possible for unauthenticated attackers to update the plugins...

4.3CVSS6.5AI score0.00166EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/16 3:27 a.m.17 views

CVE-2024-10789 WP User Profile Avatar <= 1.0.5 - Cross-Site Request Forgery to Settings Update

The WP User Profile Avatar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the wpupauseradmin function. This makes it possible for unauthenticated attackers to update the plugins...

4.3CVSS0.00166EPSS
Exploits0References2
CVE
CVE
added 2025/01/16 3:27 a.m.42 views

CVE-2024-10789

CVE-2024-10789 concerns the WP User Profile Avatar plugin for WordPress. The description reports a CSRF vulnerability in all versions up to 1.0.5 caused by missing or incorrect nonce validation in wpupa_user_admin(), enabling unauthenticated attackers to update plugin settings by luring an admini...

4.3CVSS4.3AI score0.00166EPSS
Exploits0References2
NVD
NVD
added 2025/01/02 12:15 p.m.8 views

CVE-2023-45002

Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through 3.6.8...

4.3CVSS0.00306EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/02 12:0 a.m.4 views

WordPress plugin WP User Frontend 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS8.2AI score0.00306EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/02 12:0 a.m.4 views

PT-2025-1482 · Wedevs · Wedevs Wp User Frontend

Name of the Vulnerable Software and Affected Versions: weDevs WP User Frontend versions 3.6.8 and earlier Description: The issue is related to a Missing Authorization vulnerability, allowing exploitation of incorrectly configured access control security levels. Recommendations: For weDevs WP User...

4.3CVSS8.6AI score0.00306EPSS
Exploits0References4
CVE
CVE
added 2024/11/23 3:25 a.m.57 views

CVE-2024-10537

CVE-2024-10537: The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized data access due to a missing capability check in validate_user_meta_key() across versions up to and including 2.9.11. This allows authenticated attackers with Subscriber-leve...

4.3CVSS4.2AI score0.00366EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/11/23 3:25 a.m.31 views

CVE-2024-10537 WP User Manager – User Profile Builder & Membership <= 2.9.11 - Missing Authorization to Authenticated (Subscriber+) User Meta Key Enumeration

The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the validateusermetakey function in all versions up to, and including, 2.9.11. This makes it possible for authenticated attackers, with...

4.3CVSS0.00366EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/23 3:25 a.m.13 views

CVE-2024-10216 WP User Manager – User Profile Builder & Membership <= 2.9.11 - Missing Authorization to Carbon Fields Custom Sidebar Addition/Removal

The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'addsidebar' and 'removesidebar' functions in all versions up to, and including, 2.9.11. This makes it possible for authenticate...

4.3CVSS6.5AI score0.00429EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/11/22 12:0 a.m.8 views

PT-2024-16353 · WordPress · Wp User Manager

Name of the Vulnerable Software and Affected Versions: The WP User Manager – User Profile Builder & Membership plugin for WordPress versions up to, and including, 2.9.11 Description: The issue is related to unauthorized access of data due to a missing capability check on the validate user meta ke...

4.3CVSS9.2AI score0.00366EPSS
Exploits0References6
Patchstack
Patchstack
added 2024/11/22 12:0 a.m.13 views

WordPress WP User Manager Plugin <= 2.9.11 is vulnerable to Broken Access Control

Software WP User Manager Type Plugin Vulnerable versions = 2.9.11 Fixed in 2.9.12 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10537 Patch priority Low CVSS severity Low 4.3 Developer WP User Manager PSID 15d82a7ba59b Credits Tieu Pham Trong Nhan Requir...

4.3CVSS6.6AI score0.00366EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/11/22 12:0 a.m.9 views

PT-2024-16120 · Unknown +1 · Wp User Manager +2

Name of the Vulnerable Software and Affected Versions: The WP User Manager – User Profile Builder & Membership plugin for WordPress versions up to, and including, 2.9.11 Description: The issue is related to a missing capability check on the add sidebar and remove sidebar functions. This allows...

4.3CVSS9.2AI score0.00429EPSS
Exploits0References8
OSV
OSV
added 2024/08/29 2:15 p.m.2 views

CVE-2024-38693

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs WP User Frontend allows SQL Injection.This issue affects WP User Frontend: from n/a through 4.0.7...

7.2CVSS5.8AI score0.00438EPSS
Exploits0References1
NVD
NVD
added 2024/08/29 2:15 p.m.40 views

CVE-2024-38693

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs WP User Frontend allows SQL Injection.This issue affects WP User Frontend: from n/a through 4.0.7...

7.6CVSS0.00438EPSS
Exploits0References1
CVE
CVE
added 2024/08/29 2:5 p.m.66 views

CVE-2024-38693

CVE-2024-38693 describes an SQL Injection in the WordPress plugin WP User Frontend up to version 4.0.7, arising from improper neutralization of special elements in SQL commands. Public details across sources identify affected software as WP User Frontend with versions ≤ 4.0.7 and indicate a patch...

7.6CVSS7.7AI score0.00438EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/08/26 9:15 p.m.36 views

CVE-2024-43336

Cross-Site Request Forgery CSRF vulnerability in WP User Manager WP User Manager wp-user-manager.This issue affects WP User Manager: from n/a through = 2.9.10...

4.3CVSS0.00174EPSS
Exploits0References1
Rows per page
Query Builder