Wpuserplus Userplus
4 CVEs affecting Wpuserplus Userplus. Latest disclosed: 2024-10-10. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-9518 | Critical | 9.8 | 2024-10-10 | The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_acti… |
CVE-2024-9519 | High | 7.2 | 2024-10-10 | The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'save_metabox_form' function in… |
CVE-2023-0824 | Medium | 6.5 | 2024-01-16 | The User registration & user profile WordPress plugin through 2.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, whi… |
CVE-2024-9520 | Medium | 6.3 | 2024-10-10 | The UserPlus plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions… |