WordPress Wp User Profiles Vulnerabilities
Wordpress Wp User Profiles vulnerabilities.
Vulnerability Published:
ποΈ Published
- Anytime
Sort By:
ποΈ Published Date
- Descending
Arbitrary File Deletion Vulnerability in WP User Manager Plugin by WordPress
CVE-2025-13320WordPressWP User Manager β User...6.8MEDIUMSQL Injection Vulnerability in UsersWP Plugin for WordPress
CVE-2025-10003WordPressUsersWP β Front-end Lo...6.5MEDIUMStored Cross-Site Scripting in UsersWP Plugin for WordPress
CVE-2025-9344WordPressUsersWP β Front-end Lo...6.4MEDIUMMissing Authorization in WP User Profile Avatar by WordPress
CVE-2025-49980WordPressWP User Profile Avatar4.3MEDIUMPrivilege Escalation Vulnerability in NotFound WP User Profiles Plugin
CVE-2025-31524WordPressWP User Profiles8.8HIGHCross-Site Request Forgery in WP User Profile Avatar Plugin for WordPress
CVE-2024-10789WordpressWP User Profile Avatar4.3MEDIUMFreemius SDK Vulnerabilities Affect Hundreds of WordPress Plugins and Themes
CVE-2022-4974WordpressYasr β Yet Another Sta...6.3MEDIUMWP User Profile Avatar <= 1.0.1 - Contributor+ Stored XSS
CVE-2023-6067WordpressWP User Profile AvatarπΎπ‘WordPress WP User Profile Avatar Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-52118WordPressWP User Profile Avatar6.5MEDIUMWP User Profile Avatar < 1.0.1 - Author+ Avatar Deletion/Update via IDOR
CVE-2023-6384WordpressWP User Profile AvatarπΎπ‘4.3MEDIUMMultiple e-plugins - Subscriber+ Privilege Escalation
CVE-2020-36666WordpressDirectory-proπΎπ‘8.8HIGHStored Cross-Site Scripting Vulnerability in WP User Plugin for WordPress
CVE-2022-4519WordpressWP User β Custom Regis...5.5MEDIUMWP User Manager < 2.6.3 - Arbitrary User Password Reset to Account Compromise
CVE-2021-24655WordpressWP User Manager β User...7.5HIGHBulk Edit and Create User Profiles < 1.5.14 - Admin+ Stored Cross-Site Scripting
CVE-2022-1089WordpressBulk Edit And Create U...4.8MEDIUMWP User < 7.0 - Reflected Cross-Site Scripting
CVE-2021-25034WordpressWP User β Custom Regis...6.1MEDIUMWP User Frontend < 3.5.26 - SQL Injection to Reflected Cross-Site Scripting
CVE-2021-25076WordpressWP User Frontend β Mem...πΎπ‘EPSS 49%8.8HIGHProfilePress < 3.2.3 - Reflected Cross-Site Scripting
CVE-2021-24955WordpressUser Registration, Log...6.1MEDIUMProfilePress < 3.2.3 - Reflected Cross-Site Scripting
CVE-2021-24954WordpressUser Registration, Log...6.1MEDIUMProfilePress < 3.1.11 - Unauthenticated Cross-Site Scripting (XSS) in tabbed login/register widget
CVE-2021-24522WordpressUser Registration, Use...6.1MEDIUMProfilePress < 3.1.8 - Authenticated Stored XSS
CVE-2021-24450WordpressUser Registration, Use...4.8MEDIUM