4 matches found
CVE-2021-24655
The WP User Manager WordPress plugin (≤ 2.6.3) has a vulnerability where the password reset mechanism does not verify that the reset key maps to the targeted user ID. An authenticated attacker who knows a user’s ID can reset that user’s password to an arbitrary value, gaining account access. A pa...
CVE-2024-43336
WP User Manager plugin for WordPress is affected by a Cross-Site Request Forgery (CSRF) vulnerability, impacting versions up to and including 2.9.10. The issue enables unintended actions on a user’s account via CSRF, per Red Hat and other vulnerability sources. The CVSS score in the initial data ...
CVE-2024-10216
CVE-2024-10216 concerns the WordPress plugin WP User Manager – User Profile Builder & Membership (versions ≤ 2.9.11). The vulnerability is a missing capability check in the add_sidebar and remove_sidebar functions, enabling authenticated attackers with Subscriber-level access and above to modify ...
CVE-2024-10537
CVE-2024-10537: The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized data access due to a missing capability check in validate_user_meta_key() across versions up to and including 2.9.11. This allows authenticated attackers with Subscriber-leve...