Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3
CVE-2025-67579
- EPSS 0.04%
- Veröffentlicht 09.12.2025 14:14:14
- Zuletzt bearbeitet 09.12.2025 18:36:29
Missing Authorization vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Extra Fields: from n/a through <= 16.8.
9.8
CVE-2024-11150
- EPSS 19.43%
- Veröffentlicht 13.11.2024 05:15:12
- Zuletzt bearbeitet 19.11.2024 16:57:05
The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up to, and including, 16.6. This makes it possible for u...
8.8
CVE-2024-10800
- EPSS 0.14%
- Veröffentlicht 13.11.2024 05:15:11
- Zuletzt bearbeitet 19.11.2024 17:08:44
The WordPress User Extra Fields plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the ajax_save_fields() function in all versions up to, and including, 16.6. This makes it possible for authenticated attac...
1