cvebase

Userplus User Registration User Profile Userplus vulnerabilities

3 known vulnerabilities affecting userplus/user_registration_user_profile_userplus.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 1

Vulnerabilities

CVE-2024-9518 | P2 | CRITICAL | CVSS 9.8 | ≤ 2.0 | 2024-10-10
CVE-2024-9518 [CRITICAL] CWE-269: The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile' functions. This makes it possible for unauthenticated attackers to specify their user role by supplying the 'role' parameter during a registration.
Source: nvd

CVE-2024-9519 | P3 | HIGH | CVSS 7.2 | ≤ 2.0 | 2024-10-10
CVE-2024-9519 [HIGH] CWE-266: The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'save_metabox_form' function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, with editor-level permissions or above, to update the registration form role to administrator, which leads
Source: nvd

CVE-2024-9520 | P4 | MEDIUM | CVSS 5.4 | ≤ 2.0 | 2024-10-10
CVE-2024-9520 [MEDIUM] CWE-862: The UserPlus plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.0. This makes it possible for authenticated attackers with subscriber-level permissions or above, to add, modify, or delete user meta and plugin options.
Source: nvd