5 matches found
CVE-2022-0442
CVE-2022-0442 affects the WordPress plugin UsersWP (versions prior to 1.2.3.1). The issue is a lack of access controls when updating a user avatar and non-unique avatar filenames, enabling a logged-in user to overwrite another user’s avatar. The vulnerability is confirmed across multiple sources ...
CVE-2024-6265
CVE-2024-6265 affects the WordPress plugin UsersWP (Front-end login, registration, profile, members directory). The vulnerability is a time-based SQL Injection caused by insufficient escaping of the uwp_sort_by parameter in all versions up to and including 1.2.10, allowing unauthenticated attack...
CVE-2024-2423
CVE-2024-2423 affects the WordPress plugin UsersWP – Front-end login form, User Registration, User Profile & Members Directory. It is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode attributes in all versions up to and including 1.2.6, due to insufficient input sanitization ...
CVE-2024-6477
CVE-2024-6477 affects the UsersWP WordPress plugin prior to 1.2.12. The vulnerability arises from predictable filenames generated for admin exports, allowing unauthenticated attackers to download exports and access sensitive user data (IP, username, email). Public sources in connected documents c...
CVE-2022-47442
CVE-2022-47442 affects the WordPress UsersWP plugin (versions