Vulnerabilities > WP User Project

DATE CVE VULNERABILITY TITLE RISK
2023-01-02 CVE-2022-4049 Unspecified vulnerability in WP User Project WP User
The WP User WordPress plugin through 7.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.
network
low complexity
wp-user-project
critical
9.8
2022-02-28 CVE-2021-25034 Cross-site Scripting vulnerability in WP User Project WP User
The WP User WordPress plugin before 7.0 does not sanitise and escape some parameters in pages where the [wp_user] shortcode is used, leading to Reflected Cross-Site Scripting issues
4.3