CVE-2024-10216
- EPSS 0.11%
- Published 23.11.2024 04:15:07
- Last modified 07.02.2025 17:17:00
The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'add_sidebar' and 'remove_sidebar' functions in all versions up to, and including...
CVE-2024-10537
- EPSS 0.13%
- Published 23.11.2024 04:15:07
- Last modified 07.02.2025 17:17:18
The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the validate_user_meta_key() function in all versions up to, and including, 2.9.11. This ma...
CVE-2024-43336
- EPSS 0.17%
- Published 26.08.2024 21:15:28
- Last modified 27.08.2024 16:00:25
Cross-Site Request Forgery (CSRF) vulnerability in WP User Manager.This issue affects WP User Manager: from n/a through 2.9.10.
CVE-2021-24655
- EPSS 0.7%
- Published 17.07.2022 11:15:08
- Last modified 21.11.2024 05:53:30
The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the password (to an arbitrary value) of any user knowing only...