158 matches found
CVE-2025-31524 WordPress WP User Profiles plugin <= 2.6.2 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in John James Jacoby WP User Profiles wp-users-profiles allows Privilege Escalation.This issue affects WP User Profiles: from n/a through = 2.6.2...
CVE-2024-38693
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs WP User Frontend allows SQL Injection.This issue affects WP User Frontend: from n/a through 4.0.7...
CVE-2024-37560
Improper Privilege Management vulnerability in IqbalRony WP User Switch allows Privilege Escalation.This issue affects WP User Switch: from n/a through 1.1.0...
CVE-2024-10789
The WP User Profile Avatar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the wpupauseradmin function. This makes it possible for unauthenticated attackers to update the plugins...
CVE-2024-10789 WP User Profile Avatar <= 1.0.5 - Cross-Site Request Forgery to Settings Update
The WP User Profile Avatar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the wpupauseradmin function. This makes it possible for unauthenticated attackers to update the plugins...
CVE-2024-10789 WP User Profile Avatar <= 1.0.5 - Cross-Site Request Forgery to Settings Update
The WP User Profile Avatar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the wpupauseradmin function. This makes it possible for unauthenticated attackers to update the plugins...
CVE-2024-10789
CVE-2024-10789 concerns the WP User Profile Avatar plugin for WordPress. The description reports a CSRF vulnerability in all versions up to 1.0.5 caused by missing or incorrect nonce validation in wpupa_user_admin(), enabling unauthenticated attackers to update plugin settings by luring an admini...
CVE-2023-45002
Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through 3.6.8...
WordPress plugin WP User Frontend 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2025-1482 · Wedevs · Wedevs Wp User Frontend
Name of the Vulnerable Software and Affected Versions: weDevs WP User Frontend versions 3.6.8 and earlier Description: The issue is related to a Missing Authorization vulnerability, allowing exploitation of incorrectly configured access control security levels. Recommendations: For weDevs WP User...
CVE-2024-10537
CVE-2024-10537: The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized data access due to a missing capability check in validate_user_meta_key() across versions up to and including 2.9.11. This allows authenticated attackers with Subscriber-leve...
CVE-2024-10537 WP User Manager – User Profile Builder & Membership <= 2.9.11 - Missing Authorization to Authenticated (Subscriber+) User Meta Key Enumeration
The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the validateusermetakey function in all versions up to, and including, 2.9.11. This makes it possible for authenticated attackers, with...
CVE-2024-10216 WP User Manager – User Profile Builder & Membership <= 2.9.11 - Missing Authorization to Carbon Fields Custom Sidebar Addition/Removal
The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'addsidebar' and 'removesidebar' functions in all versions up to, and including, 2.9.11. This makes it possible for authenticate...
PT-2024-16353 · WordPress · Wp User Manager
Name of the Vulnerable Software and Affected Versions: The WP User Manager – User Profile Builder & Membership plugin for WordPress versions up to, and including, 2.9.11 Description: The issue is related to unauthorized access of data due to a missing capability check on the validate user meta ke...
WordPress WP User Manager Plugin <= 2.9.11 is vulnerable to Broken Access Control
Software WP User Manager Type Plugin Vulnerable versions = 2.9.11 Fixed in 2.9.12 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10537 Patch priority Low CVSS severity Low 4.3 Developer WP User Manager PSID 15d82a7ba59b Credits Tieu Pham Trong Nhan Requir...
PT-2024-16120 · Unknown +1 · Wp User Manager +2
Name of the Vulnerable Software and Affected Versions: The WP User Manager – User Profile Builder & Membership plugin for WordPress versions up to, and including, 2.9.11 Description: The issue is related to a missing capability check on the add sidebar and remove sidebar functions. This allows...
CVE-2024-38693
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs WP User Frontend allows SQL Injection.This issue affects WP User Frontend: from n/a through 4.0.7...
CVE-2024-38693
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs WP User Frontend allows SQL Injection.This issue affects WP User Frontend: from n/a through 4.0.7...
CVE-2024-38693
CVE-2024-38693 describes an SQL Injection in the WordPress plugin WP User Frontend up to version 4.0.7, arising from improper neutralization of special elements in SQL commands. Public details across sources identify affected software as WP User Frontend with versions ≤ 4.0.7 and indicate a patch...
CVE-2024-43336
Cross-Site Request Forgery CSRF vulnerability in WP User Manager WP User Manager wp-user-manager.This issue affects WP User Manager: from n/a through = 2.9.10...