2 matches found
CVE-2021-25034
CVE-2021-25034 affects the WordPress WP User plugin before 7.0. The root cause is a lack of sanitisation/escaping of certain parameters in pages using the [wp_user] shortcode, enabling Reflected Cross-Site Scripting (XSS). Public sources (NVD/NVD-derived entries and vendor references) describe a re...
CVE-2022-4049
CVE-2022-4049 affects the WP User WordPress plugin up to version 7.0, where an unsafely constructed SQL statement using an unvalidated parameter (id) in admin-ajax.php allows unauthenticated SQL injection. The root cause is improper sanitization/escaping of the parameter before use in the SQL sta...