Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wordpress wordpress-users vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-32835
Deserialization of Untrusted Data vulnerability in WebToffee Import Export WordPress Users.This issue affects Import Export WordPress Users: from n/a up to and including 2.5.3.
NA
CVE-2024-30492
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WebToffee Import Export WordPress Users.This issue affects Import Export WordPress Users: from n/a up to and including 2.5.2.
8.8
CVSSv3
CVE-2023-6390
The WordPress Users WordPress plugin up to and including 1.4 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged in admin change them via a CSRF attack.
Jonathonkemp Wordpress Users
7.2
CVSSv3
CVE-2023-6558
The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'upload_import_file' function in versions up to, and including, 2.4.8. This makes it possible for authenticated attacke...
Webtoffee Import Export Wordpress Users
7.2
CVSSv3
CVE-2023-3459
The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hf_update_customer' function called via an AJAX action in versions up to, and including, 2.4.1. This makes it poss...
Webtoffee Import Export Wordpress Users
6.5
CVSSv3
CVE-2023-1979
The Web Stories for WordPress plugin supports the WordPress built-in functionality of protecting content with a password. The content is then only accessible to website visitors after entering the password. In WordPress, users with the "Author" role can create stories, ...
Google Web Stories
9.8
CVSSv3
CVE-2022-3603
The Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list WordPress plugin prior to 2.0.69 does not validate data when outputting it back in a CSV file, which could lead to CSV injection.
Piwebsolution Export Customers List Csv For Woocommerce
5.3
CVSSv3
CVE-2022-2373
The Simply Schedule Appointments WordPress plugin prior to 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email address
Nsqua Simply Schedule Appointments
4.8
CVSSv3
CVE-2022-1010
The Login using WordPress Users ( WP as SAML IDP ) WordPress plugin prior to 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disall...
Miniorange Login Using Wordpress Users
5.4
CVSSv3
CVE-2020-4046
In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor. When affected posts are viewed by a higher privileged user, this could lead to script execution in ...
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »