| CVE-2024-7655 | Community by PeepSo – Social Network, Membership, Registration, User Profiles <= 6.4.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting | peepso | Community by PeepSo – Download from PeepSo.com | Medium | 4.4 | 2024-09-10 07:30:04 | Deep Dive |
| CVE-2024-38693 | WordPress WP User Frontend plugin <= 4.0.7 - SQL Injection vulnerability | weDevs | WP User Frontend | High | 7.6 | 2024-08-29 14:05:54 | Deep Dive |
| CVE-2024-43336 | WordPress WP User Manager – User Profile Builder & Membership plugin <= 2.9.10 - Cross Site Request Forgery (CSRF) vulnerability | WP User Manager | WP User Manager | Medium | 4.3 | 2024-08-26 20:34:59 | Deep Dive |
| CVE-2024-7848 | User Private Files <= 2.1.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Private File Access | deepakkite | File Sharing & Download Manager – User Private Files | Medium | 4.3 | 2024-08-22 10:58:41 | Deep Dive |
| CVE-2024-43317 | WordPress RegistrationMagic plugin <= 6.0.1.0 - Cross Site Scripting (XSS) vulnerability | Metagauss User Registration Team | RegistrationMagic | Medium | 4.3 | 2024-08-19 19:22:53 | Deep Dive |
| CVE-2024-7703 | ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.37 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload | reputeinfosystems | ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | Medium | 6.4 | 2024-08-17 11:15:02 | Deep Dive |
| CVE-2023-52209 | WordPress WPForms User Registration plugin <= 2.1.0 - Authenticated Privilege Escalation vulnerability | WPForms, LLC. | WPForms User Registration | High | 8.0 | 2024-08-01 21:04:11 | Deep Dive |
| CVE-2024-6695 | profile-builder <= 3.11.8 - Unauthenticated Privilege Escalation | Unknown | User Profile Builder | - | - | 2024-07-31 06:00:05 | Deep Dive |
| CVE-2024-6366 | User Profile Builder < 3.11.8 - Unauthenticated Media Upload | Unknown | User Profile Builder | - | - | 2024-07-29 06:00:08 | Deep Dive |
| CVE-2024-5002 | User Submitted Posts < 20240516 - Admin+ Stored XSS | Unknown | User Submitted Posts | - | - | 2024-07-13 06:00:07 | Deep Dive |
| CVE-2024-5902 | UserFeedback Lite <= 1.0.15 - Unauthenticated Stored Cross-Site Scripting via Name Parameter | smub | UserFeedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds | High | 7.2 | 2024-07-12 21:30:46 | Deep Dive |
| CVE-2024-37560 | WordPress WP User Switch plugin <= 1.1.3 - Privilege Escalation vulnerability | iqbalrony | WP User Switch | High | 8.0 | 2024-07-12 13:56:46 | Deep Dive |
| CVE-2024-6624 | JSON API User <= 3.9.3 - Unauthenticated Privilege Escalation | parorrey | JSON API User | Critical | 9.8 | 2024-07-11 06:43:13 | Deep Dive |
| CVE-2024-6410 | ProfileGrid <= 5.8.9 - Authenticated (Subscriber+) Insecure Direct Object Reference | metagauss | ProfileGrid – User Profiles, Groups and Communities | Medium | 4.3 | 2024-07-10 04:31:31 | Deep Dive |
| CVE-2024-6411 | ProfileGrid – User Profiles, Groups and Communities <= 5.8.9 - Authenticated (Subscriber+) Authorization Bypass to Privilege Escalation | metagauss | ProfileGrid – User Profiles, Groups and Communities | High | 8.8 | 2024-07-10 04:31:30 | Deep Dive |
| CVE-2024-6069 | Pie Register - Basic <= 3.8.3.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation | genetechproducts | Pie Register – User Registration, Profiles & Content Restriction | High | 8.8 | 2024-07-09 08:33:11 | Deep Dive |
| CVE-2024-6265 | UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress <= 1.2.10 - Unauthenticated SQL Injection via 'uwp_sort_by' | stiofansisland | UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP | Critical | 9.8 | 2024-06-29 04:33:28 | Deep Dive |
| CVE-2024-5596 | ARMember Premium <= 6.7 - Cross-Site Request Forgery via multiple functions | armember | ARMember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | Medium | 6.3 | 2024-06-22 05:47:56 | Deep Dive |
| CVE-2024-5639 | User Profile Picture <= 2.6.1 - Authenticated (Author+) Insecure Direct Object Reference to Profile Picture Update | cozmoslabs | User Profile Picture | Medium | 4.3 | 2024-06-21 06:58:18 | Deep Dive |
| CVE-2024-4742 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.2.5 - Authenticated (Contributor+) SQL Injection | youzify | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | Medium | 6.5 | 2024-06-20 02:08:20 | Deep Dive |