Vulnerabilities > Wpuserplus > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-10 | CVE-2024-9520 | Missing Authorization vulnerability in Wpuserplus Userplus 1.0/1.1/2.0 The UserPlus plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.0. | 5.4 |
| 2024-01-16 | CVE-2023-0824 | Cross-Site Request Forgery (CSRF) vulnerability in Wpuserplus Userplus 1.0/1.1/2.0 The User registration & user profile WordPress plugin through 2.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF attack. | 6.5 |