Vulnerabilities > Wpuserplus
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-10 | CVE-2024-9520 | Missing Authorization vulnerability in Wpuserplus Userplus 1.0/1.1/2.0 The UserPlus plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.0. | 5.4 |
| 2024-10-10 | CVE-2024-9518 | Unspecified vulnerability in Wpuserplus Userplus 1.0/1.1/2.0 The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile' functions. | 9.8 |
| 2024-10-10 | CVE-2024-9519 | Unspecified vulnerability in Wpuserplus Userplus 1.0/1.1/2.0 The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'save_metabox_form' function in versions up to, and including, 2.0. | 7.2 |
| 2024-01-16 | CVE-2023-0824 | Cross-Site Request Forgery (CSRF) vulnerability in Wpuserplus Userplus 1.0/1.1/2.0 The User registration & user profile WordPress plugin through 2.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF attack. | 6.5 |