Vulmon
user vulnerabilities and exploits
4.8
CVSSv3
CVE-2023-35878
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Vadym K. Extra User Details plugin <= 0.5 versions.
Extra User Details Project Extra User Details
8.8
CVSSv3
CVE-2020-5224
In Django User Sessions (django-user-sessions) prior to 1.7.1, the views provided allow users to terminate specific sessions. The session key is used to identify sessions, and thus included in the rendered HTML. In itself this is not a problem. However if the website has an XSS v...
Django-user-sessions Project Django-user-sessions
NA
CVE-2015-4607
Unrestricted file upload vulnerability in the Frontend User Upload (feupload) extension 0.5.0 and previous versions for TYPO3 allows remote malicious users to execute arbitrary code by uploading a file with an executable extension using a frontend form, then accessing it via a di...
Frontend User Upload Project Frontend User Upload
6.1
CVSSv3
CVE-2023-22718
Reflected Cross-Site Scripting (XSS) vulnerability in Jason Lau User Meta Manager plugin <= 3.4.9 versions.
User Meta Manager Project User Meta Manager
8.8
CVSSv3
CVE-2023-27424
Cross-Site Request Forgery (CSRF) vulnerability in Korol Yuriy aka Shra Inactive User Deleter plugin <= 1.59 versions.
Inactive User Deleter Project Inactive User Deleter
NA
CVE-2015-4608
Cross-site scripting (XSS) vulnerability in the BE User Log (beko_beuserlog) extension 1.1.1 and previous versions for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Be User Log Project Be User Log
NA
CVE-2005-1067
Vulnerability in Access_user Class prior to 1.75 allows local users to gain access as other users via the password "new".
Access User Class Access User Class 1.6
NA
CVE-2006-6922
SQL injection vulnerability in Deadlock User Management System (phpdeadlock) 0.64 and previous versions allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Deadlock User Management System Deadlock User Management System
6.1
CVSSv3
CVE-2021-24954
The User Registration, Login Form, User Profile & Membership WordPress plugin prior to 3.2.3 does not sanitise and escape the ppress_cc_data parameter before outputting it back in an attribute of an admin dashboard page, leading to a Reflected Cross-Site Scripting issue
Profilepress User Registration, Login Form, User Profile & Membership
6.1
CVSSv3
CVE-2021-24955
The User Registration, Login Form, User Profile & Membership WordPress plugin prior to 3.2.3 does not escape the data parameter of the pp_get_forms_by_builder_type AJAX action before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue
Profilepress User Registration, Login Form, User Profile & Membership