Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress-users vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2015-4109
Multiple SQL injection vulnerabilities in the ratings module in the Users Ultra plugin prior to 1.5.16 for WordPress allow remote malicious users to execute arbitrary SQL commands via the (1) data_target or (2) data_vote parameter in a rating_vote (wp_ajax_nopriv_rating_vote) act...
Usersultra Usersultra
7.5
CVSSv2
CVE-2011-4669
SQL injection vulnerability in wp-users.php in WordPress Users plugin 1.3 and possibly earlier for WordPress allows remote malicious users to execute arbitrary SQL commands via the uid parameter to index.php.
Wordpress Wordpress-users
Wordpress Wordpress-users 0.2
Wordpress Wordpress-users 0.9
Wordpress Wordpress-users 1.0
Wordpress Wordpress-users 1.1
Wordpress Wordpress-users 1.2
6.5
CVSSv2
CVE-2020-12074
The users-customers-import-export-for-wp-woocommerce plugin prior to 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV.
Webtoffee Import Export Wordpress Users
6.4
CVSSv2
CVE-2019-9880
An issue exists in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username.
Wpengine Wpgraphql 0.2.3
1 EDB exploit
6
CVSSv2
CVE-2019-15092
The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class.
Webtoffee Import Export Wordpress Users
1 EDB exploit
5.8
CVSSv2
CVE-2017-8099
There is CSRF in the WHIZZ plugin prior to 1.1.1 for WordPress, allowing malicious users to delete any WordPress users and change the plugin's status via a GET request.
Browserweb Inc Whizz
3.5
CVSSv2
CVE-2022-1010
The Login using WordPress Users ( WP as SAML IDP ) WordPress plugin prior to 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disall...
Miniorange Login Using Wordpress Users
3.5
CVSSv2
CVE-2020-4046
In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor. When affected posts are viewed by a higher privileged user, this could lead to script execution in ...
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
3.5
CVSSv2
CVE-2019-16780
WordPress users with lower privileges (like contributors) can inject JavaScript code in the block editor using a specific payload, which is executed within the dashboard. This can lead to XSS if an admin opens the post in the editor. Execution of this attack does require an authe...
Wordpress Wordpress 3.7
Wordpress Wordpress
Debian Debian Linux 9.0
Debian Debian Linux 10.0
NA
CVE-2024-32835
Deserialization of Untrusted Data vulnerability in WebToffee Import Export WordPress Users.This issue affects Import Export WordPress Users: from n/a up to and including 2.5.3.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2018-25103
CVE-2024-36279
CVE-2024-38457
elevation of privilege
CVE-2024-27801
CVE-2024-30103
NULL pointer dereference
CVE-2024-6057
XML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »