Wpusermanager Wp User Manager vulnerabilities
4 known vulnerabilities affecting wpusermanager/wp_user_manager.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 3
Vulnerabilities
CVE-2021-24655 | P3 | HIGH | CVSS 7.5 | CWE-639 | fixed in 2.6.3 | 2022-07-17
The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the password (to an arbitrary value) of any user knowing only their ID, and gain access to their account.
nvd
CVE-2024-10537 | P4 | MEDIUM | CVSS 4.3 | CWE-862 | fixed in 2.9.12 | 2024-11-23
The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the validate_user_meta_key() function in all versions up to, and including, 2.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enumerate use
nvd
CVE-2024-10216 | P4 | MEDIUM | CVSS 4.3 | CWE-862 | fixed in 2.9.12 | 2024-11-23
The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'add_sidebar' and 'remove_sidebar' functions in all versions up to, and including, 2.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above,
nvd
CVE-2024-43336 | P4 | MEDIUM | CVSS 4.3 | CWE-352 | ≤ 2.9.10 | 2024-08-26
Cross-Site Request Forgery (CSRF) vulnerability in WP User Manager WP User Manager wp-user-manager. This issue affects WP User Manager: from n/a through <= 2.9.10.
nvd