Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress-users vulnerabilities and exploits
(subscribe to this query)
645
VMScore
CVE-2019-9880
An issue exists in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username.
Wpengine Wpgraphql 0.2.3
1 EDB exploit
NA
CVE-2024-32835
Deserialization of Untrusted Data vulnerability in WebToffee Import Export WordPress Users.This issue affects Import Export WordPress Users: from n/a up to and including 2.5.3.
516
VMScore
CVE-2017-8099
There is CSRF in the WHIZZ plugin prior to 1.1.1 for WordPress, allowing malicious users to delete any WordPress users and change the plugin's status via a GET request.
Browserweb Inc Whizz
NA
CVE-2022-2373
The Simply Schedule Appointments WordPress plugin prior to 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email address
Nsqua Simply Schedule Appointments
NA
CVE-2024-30492
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WebToffee Import Export WordPress Users.This issue affects Import Export WordPress Users: from n/a up to and including 2.5.2.
NA
CVE-2022-3603
The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list WordPress plugin prior to 2.0.69 does not validate data when outputting it back in a CSV file, which could lead to CSV injection.
Piwebsolution Export Customers List Csv For Woocommerce
NA
CVE-2023-1979
The Web Stories for WordPress plugin supports the WordPress built-in functionality of protecting content with a password. The content is then only accessible to website visitors after entering the password. In WordPress, users with the "Author" role can create stories, ...
Google Web Stories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2