WordPress User Management Vulnerabilities
Wordpress User Management vulnerabilities.
Vulnerability Published:
๐๏ธ Published
- Anytime
Sort By:
๐๏ธ Published Date
- Descending
Arbitrary File Deletion in User Profile Builder Plugin for WordPress
CVE-2025-9693WordPressUser Meta โ User Profi...8HIGHArbitrary File Upload Vulnerability in WooCommerce Refund And Exchange by WordPress
CVE-2025-6222WordPressWooCommerce Refund And...9.8CRITICALCross-Site Request Forgery Vulnerability in User Profile Meta Manager by Danny Vink
CVE-2025-48340WordPressUser Profile Meta Manager9.8CRITICALStored Cross-Site Scripting Vulnerability in User Private Files Plugin for WordPress
CVE-2024-13799WordPressUser Private Files โ F...6.4MEDIUMPrivilege Escalation in WPExperts User Management Plugin
CVE-2025-22736WordPressUser Management8.8HIGHUnrestricted Upload of File with Dangerous Type Vulnerability
CVE-2024-52403WordPressUser Management9.9CRITICALVulnerability in User Meta Plugin Allows Attackers to Obtain User Meta Values
CVE-2024-9262WordpressUser Meta โ User Profi...6.5MEDIUMAccess Control Vulnerability Affects User Rights Access Manager
CVE-2024-37209WordPressUser Rights Access Man...6.5MEDIUMUnauthenticated Arbitrary File Read Vulnerability Affects Advanced Access Manager Plugin
CVE-2019-25213WordpressAdvanced Access Manage...7.5HIGHFreemius SDK Vulnerabilities Affect Hundreds of WordPress Plugins and Themes
CVE-2022-4974WordpressYasr โ Yet Another Sta...6.3MEDIUMCross-Site Request Forgery (CSRF) Vulnerability Affects WP User Manager
CVE-2024-43336WordPressWP User Manager4.3MEDIUMWordPress Advanced Access Manager Plugin <= 6.9.18 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-51674WordPressAdvanced Access Manage...6.5MEDIUMWordPress Advanced Access Manager Plugin <= 6.9.18 is vulnerable to Open Redirection
CVE-2023-51675WordPressAdvanced Access Manage...4.7MEDIUMWordPress Advanced Access Manager Plugin <= 6.9.15 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-50881WordPressAdvanced Access Manage...6.5MEDIUMUser Access Manager < 2.2.18 - IP Spoofing
CVE-2022-1601WordpressUser Access Manager5.3MEDIUMWordPress User Meta Manager Plugin <= 3.4.9 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-23712WordPressUser Meta Manager8.8HIGHWordPress User Meta Manager Plugin <= 3.4.9 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-22718WordPressUser Meta Manager6.1MEDIUMUser Private Files < 1.1.3 - Subscriber+ Arbitrary File Upload
CVE-2022-2356WordpressFrontend File Manager ...8.8HIGHWP User Manager < 2.6.3 - Arbitrary User Password Reset to Account Compromise
CVE-2021-24655WordpressWP User Manager โ User...7.5HIGHUser Meta < 2.4.4 - Subscriber+ Local File Enumeration via Path Traversal
CVE-2022-0779WordpressUser Meta โ User Profi...EPSS 14%6.5MEDIUMUser Meta < 2.4.3 - Admin+ Stored Cross-Site Scripting
CVE-2022-0376WordpressUser Meta โ User Profi...4.8MEDIUMCross-Site Request Forgery in User Access Manager Plugin for WordPress
CVE-2011-5328WordpressUser Access Manager8.8HIGH