Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress-users vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2011-4669
SQL injection vulnerability in wp-users.php in WordPress Users plugin 1.3 and possibly earlier for WordPress allows remote malicious users to execute arbitrary SQL commands via the uid parameter to index.php.
Wordpress Wordpress-users 1.2
Wordpress Wordpress-users 0.9
Wordpress Wordpress-users 0.2
Wordpress Wordpress-users
Wordpress Wordpress-users 1.1
Wordpress Wordpress-users 1.0
8.8
CVSSv3
CVE-2023-6390
The WordPress Users WordPress plugin up to and including 1.4 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged in admin change them via a CSRF attack.
Jonathonkemp Wordpress Users
7.2
CVSSv3
CVE-2023-6558
The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'upload_import_file' function in versions up to, and including, 2.4.8. This makes it possible for authenticated attacke...
Webtoffee Import Export Wordpress Users
8.8
CVSSv3
CVE-2020-12074
The users-customers-import-export-for-wp-woocommerce plugin prior to 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV.
Webtoffee Import Export Wordpress Users
7.3
CVSSv3
CVE-2019-15092
The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class.
Webtoffee Import Export Wordpress Users
1 EDB exploit
4.8
CVSSv3
CVE-2022-1010
The Login using WordPress Users ( WP as SAML IDP ) WordPress plugin prior to 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disall...
Miniorange Login Using Wordpress Users
7.2
CVSSv3
CVE-2023-3459
The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hf_update_customer' function called via an AJAX action in versions up to, and including, 2.4.1. This makes it poss...
Webtoffee Import Export Wordpress Users
5.4
CVSSv3
CVE-2019-16780
WordPress users with lower privileges (like contributors) can inject JavaScript code in the block editor using a specific payload, which is executed within the dashboard. This can lead to XSS if an admin opens the post in the editor. Execution of this attack does require an authe...
Wordpress Wordpress 3.7
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 10.0
5.4
CVSSv3
CVE-2020-4046
In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor. When affected posts are viewed by a higher privileged user, this could lead to script execution in ...
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
NA
CVE-2015-4109
Multiple SQL injection vulnerabilities in the ratings module in the Users Ultra plugin prior to 1.5.16 for WordPress allow remote malicious users to execute arbitrary SQL commands via the (1) data_target or (2) data_vote parameter in a rating_vote (wp_ajax_nopriv_rating_vote) act...
Usersultra Usersultra
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »
Vulmon