Wpusermanager Wp User Manager User Profile Builder Membership vulnerabilities
4 known vulnerabilities affecting wpusermanager/wp_user_manager_user_profile_builder_membership.
Total CVEs
4
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2026-9290P2HIGHCVSS 7.5PoC≤ 2.9.172026-06-06
CVE-2026-9290 [HIGH] CWE-22 CVE-2026-9290: The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local
The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via the (profile template scope) function. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in
nvd
CVE-2025-13320P3MEDIUMCVSS 6.8≤ 2.9.122025-12-12
CVE-2025-13320 [MEDIUM] CWE-73 CVE-2025-13320: The WP User Manager plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up
The WP User Manager plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 2.9.12. This is due to insufficient validation of user-supplied file paths in the profile update functionality combined with improper handling of array inputs by PHP's filter_input() function. This makes it possible for authenticate
nvd
CVE-2024-10537P4MEDIUMCVSS 4.3≤ 2.9.112024-11-23
CVE-2024-10537 [MEDIUM] CWE-862 CVE-2024-10537: The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauth
The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the validate_user_meta_key() function in all versions up to, and including, 2.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enumerate use
nvd
CVE-2024-10216P4MEDIUMCVSS 4.3≤ 2.9.112024-11-23
CVE-2024-10216 [MEDIUM] CWE-862 CVE-2024-10216: The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauth
The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'add_sidebar' and 'remove_sidebar' functions in all versions up to, and including, 2.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above,
nvd