Lucene search
K
WpusermanagerWp User Manager

4 matches found

CVE
CVE
added 2022/07/17 10:35 a.m.77 views

CVE-2021-24655

The WP User Manager WordPress plugin (≤ 2.6.3) has a vulnerability where the password reset mechanism does not verify that the reset key maps to the targeted user ID. An authenticated attacker who knows a user’s ID can reset that user’s password to an arbitrary value, gaining account access. A pa...

7.5CVSS7.7AI score0.0083EPSS
CVE
CVE
added 2024/08/26 8:34 p.m.66 views

CVE-2024-43336

WP User Manager plugin for WordPress is affected by a Cross-Site Request Forgery (CSRF) vulnerability, impacting versions up to and including 2.9.10. The issue enables unintended actions on a user’s account via CSRF, per Red Hat and other vulnerability sources. The CVSS score in the initial data ...

4.3CVSS5.9AI score0.00174EPSS
CVE
CVE
added 2024/11/23 3:25 a.m.60 views

CVE-2024-10216

CVE-2024-10216 concerns the WordPress plugin WP User Manager – User Profile Builder & Membership (versions ≤ 2.9.11). The vulnerability is a missing capability check in the add_sidebar and remove_sidebar functions, enabling authenticated attackers with Subscriber-level access and above to modify ...

4.3CVSS4.3AI score0.00429EPSS
CVE
CVE
added 2024/11/23 3:25 a.m.56 views

CVE-2024-10537

CVE-2024-10537: The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized data access due to a missing capability check in validate_user_meta_key() across versions up to and including 2.9.11. This allows authenticated attackers with Subscriber-leve...

4.3CVSS4.2AI score0.00366EPSS