Userplus Security Vulnerabilities and Issues — Userplus CVE List

Lucene search

WpuserplusUserplus

3 matches found

CVE•added 2024/10/10 2:15 a.m.•36 views

CVE-2024-9518

The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile' functions. This makes it possible for unauthenticated attackers to specify their user role by supply...

9.8CVSS9.6AI score0.00263EPSS

CVE•added 2024/10/10 3:15 a.m.•33 views

CVE-2024-9520

The UserPlus plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.0. This makes it possible for authenticated attackers with subscriber-level permissions or above, to...

6.3CVSS5.9AI score0.00087EPSS

CVE•added 2024/10/10 2:15 a.m.•32 views

CVE-2024-9519

The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'save_metabox_form' function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, with editor-level permissions or above, to update t...

7.2CVSS7AI score0.00122EPSS