CVE-2024-9520
- EPSS 0.13%
- Published 10.10.2024 03:15:03
- Last modified 15.10.2024 14:34:59
The UserPlus plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.0. This makes it possible for authenticated attacke...
CVE-2024-9518
- EPSS 0.69%
- Published 10.10.2024 02:15:05
- Last modified 15.10.2024 14:25:58
The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile' functions. This makes it possible for unauthenticat...
CVE-2024-9519
- EPSS 0.18%
- Published 10.10.2024 02:15:05
- Last modified 15.10.2024 14:26:26
The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'save_metabox_form' function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, wi...
CVE-2023-0824
- EPSS 0.15%
- Published 16.01.2024 16:15:10
- Last modified 21.11.2024 07:37:54
The User registration & user profile WordPress plugin through 2.0 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.