Wpuserplus Userplus

4 CVEs affecting Wpuserplus Userplus. Latest disclosed: 2024-10-10. Critical: 1, High: 1.

Top CVEs affecting Wpuserplus Userplus
CVESeverityScorePublishedSummary
CVE-2024-9518Critical9.82024-10-10The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_acti…
CVE-2024-9519High7.22024-10-10The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'save_metabox_form' function in…
CVE-2023-0824Medium6.52024-01-16The User registration & user profile WordPress plugin through 2.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, whi…
CVE-2024-9520Medium6.32024-10-10The UserPlus plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions…