Vulnerabilities > WP User Project
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-02 | CVE-2022-4049 | Unspecified vulnerability in WP User Project WP User The WP User WordPress plugin through 7.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. | 9.8 |
2022-02-28 | CVE-2021-25034 | Unspecified vulnerability in WP User Project WP User The WP User WordPress plugin before 7.0 does not sanitise and escape some parameters in pages where the [wp_user] shortcode is used, leading to Reflected Cross-Site Scripting issues | 6.1 |