Vulnerabilities > Wpuserplus > Userplus > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-16 | CVE-2023-0824 | Cross-Site Request Forgery (CSRF) vulnerability in Wpuserplus Userplus The User registration & user profile WordPress plugin through 2.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF attack. | 6.5 |