Vulmon
user vulnerabilities and exploits
4.3
CVSSv3
CVE-2021-24859
The User Meta Shortcodes WordPress plugin up to and including 0.5 registers a shortcode that allows any user with a role as low as contributor to access other users' metadata by specifying the user login as a parameter. This makes the WP instance vulnerable to data exfiltration...
User Meta Shortcodes Project User Meta Shortcodes
6.1
CVSSv3
CVE-2021-38325
The User Activation Email WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the uae-key parameter found in the ~/user-activation-email.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 1.3.0.
User-activation-email Project User-activation-email
6.1
CVSSv3
CVE-2023-22718
Reflected Cross-Site Scripting (XSS) vulnerability in Jason Lau User Meta Manager plugin <= 3.4.9 versions.
User Meta Manager Project User Meta Manager
4.8
CVSSv3
CVE-2022-37403
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nikhil Vaghela's Add User Role plugin <= 0.0.1 at WordPress.
Add User Role Project Add User Role
8.8
CVSSv3
CVE-2022-3865
The WP User Merger WordPress plugin prior to 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin
Wp User Merger Project Wp User Merger
8.8
CVSSv3
CVE-2022-3848
The WP User Merger WordPress plugin prior to 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin
Wp User Merger Project Wp User Merger
8.8
CVSSv3
CVE-2022-3849
The WP User Merger WordPress plugin prior to 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin
Wp User Merger Project Wp User Merger
8.8
CVSSv3
CVE-2020-5224
In Django User Sessions (django-user-sessions) prior to 1.7.1, the views provided allow users to terminate specific sessions. The session key is used to identify sessions, and thus included in the rendered HTML. In itself this is not a problem. However, if the website has an XSS v...
Django-user-sessions Project Django-user-sessions
8.8
CVSSv3
CVE-2023-2546
The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.2. This is due to incorrect authentication checking in the 'wpus_allow_user_to_admin_bar_menu' function with the 'wpus_who_switch' cookie value...
Wp User Switch Project Wp User Switch
2 Github repositories
NA
CVE-2002-2016
User-mode Linux (UML) 2.4.17-8 does not restrict access to kernel address space, which allows local users to execute arbitrary code.
User-mode Linux User-mode Linux 2.4.17.8
1 EDB exploit