Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Userswp Security Vulnerabilities

cve
cve

CVE-2022-0442

The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to overwrite another users avatar.

4.3CVSS

4.5AI Score

0.001EPSS

2022-03-07 09:15 AM
63
cve
cve

CVE-2022-47442

Improper Neutralization of Formula Elements in a CSV File vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a through 1.2.3.9.

8.8CVSS

8.6AI Score

0.001EPSS

2023-11-07 03:15 PM
15
cve
cve

CVE-2024-6265

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the β€˜uwp_sort_by’ parameter in all versions up to, and including, 1.2.10 due to insufficient escaping on the user supplied ...

9.8CVSS

9.7AI Score

0.001EPSS

2024-06-29 05:15 AM
39
cve
cve

CVE-2024-6477

The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address

7.5CVSS

6.3AI Score

0.0004EPSS

2024-08-03 06:16 AM
16