| CVE-2024-32137 | WordPress User Activity Log Pro plugin <= 2.3.4 - Auth. SQL Injection vulnerability | Solwin | User Activity Log Pro | High | 8.5 | 2024-04-15 07:19:30 | Deep Dive |
| CVE-2023-6067 | WP User Profile Avatar <= 1.0.1 - Contributor+ Stored XSS | Unknown | WP User Profile Avatar | - | - | 2024-04-15 05:00:01 | Deep Dive |
| CVE-2024-31356 | WordPress User Activity Log plugin <= 1.8 - Auth. SQL Injection vulnerability | Solwin Infotech | User Activity Log | High | 7.6 | 2024-04-10 16:19:56 | Deep Dive |
| CVE-2024-31298 | WordPress User Spam Remover plugin <= 1.0 - Sensitive Data Exposure via Log File vulnerability | Joel Hardi | User Spam Remover | Medium | 5.3 | 2024-04-10 15:34:29 | Deep Dive |
| CVE-2024-3210 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'reg-single-checkbox' | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.4 | 2024-04-10 05:32:23 | Deep Dive |
| CVE-2024-1991 | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.0.0 - Authenticated (Subscriber+) Privilege Escalation | metagauss | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | High | 8.8 | 2024-04-09 18:58:59 | Deep Dive |
| CVE-2024-0588 | Paid Memberships Pro <= 2.12.10 - Cross-Site Request Forgery | strangerstudios | Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions | Medium | 4.3 | 2024-04-09 18:58:55 | Deep Dive |
| CVE-2024-1990 | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.1.0 - Authenticated (Contributor+) SQL Injection via Shortcode | metagauss | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | High | 8.8 | 2024-04-09 18:58:52 | Deep Dive |
| CVE-2024-2423 | UsersWP <= 1.2.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode | stiofansisland | UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP | Medium | 6.4 | 2024-04-09 18:58:42 | Deep Dive |
| CVE-2024-27899 | Security misconfiguration vulnerability in SAP NetWeaver AS Java User Management Engine | SAP_SE | SAP NetWeaver AS Java User Management Engine | High | 8.8 | 2024-04-09 00:54:17 | Deep Dive |
| CVE-2021-4438 | kyivstarteam react-native-sms-user-consent SmsUserConsentModule.kt registerReceiver improper export of android application components | kyivstarteam | react-native-sms-user-consent | Medium | 5.3 | 2024-04-07 09:00:05 | Deep Dive |
| CVE-2024-2931 | WPFront User Role Editor <= 3.2.1.11184 - Limited Information Exposure | syammohanm | WPFront User Role Editor | Medium | 4.3 | 2024-04-02 08:32:29 | Deep Dive |
| CVE-2024-31122 | WordPress User Rights Access Manager plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability | Prism IT Systems | User Rights Access Manager | Medium | 5.8 | 2024-03-31 18:44:59 | Deep Dive |
| CVE-2023-27459 | WordPress User Registration plugin <= 2.3.2.1 - Authenticated PHP Object Injection vulnerability | WPEverest | User Registration | High | 7.4 | 2024-03-26 20:01:36 | Deep Dive |
| CVE-2023-7251 | WordPress User Submitted Posts plugin <= 20230901 - Cross Site Scripting (XSS) vulnerability | Jeff Starr | User Submitted Posts | Medium | 6.5 | 2024-03-26 08:40:39 | Deep Dive |
| CVE-2024-27995 | WordPress ARMember plugin <= 4.0.23 - Cross Site Scripting (XSS) vulnerability | Repute Infosystems | ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | Medium | 5.9 | 2024-03-21 15:00:59 | Deep Dive |
| CVE-2024-29097 | WordPress User profile plugin <= 2.0.20 - Subscriber+ Stored Cross Site Scripting (XSS) vulnerability | PickPlugins | User profile | Medium | 6.3 | 2024-03-19 16:00:05 | Deep Dive |
| CVE-2024-29138 | WordPress Restrict User Access plugin <= 2.5 - Reflected Cross Site Scripting (XSS) vulnerability | Joachim Jensen | Restrict User Access – Membership Plugin with Force | High | 7.1 | 2024-03-19 13:40:40 | Deep Dive |
| CVE-2024-0687 | Restrict User Access – Ultimate Membership & Content Protection <= 2.5 - Information Exposure | intoxstudio | Restrict User Access – Ultimate Membership & Content Protection | Medium | 5.3 | 2024-03-13 15:27:26 | Deep Dive |
| CVE-2024-1806 | ProfilePress <= 4.15.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via profilepress-edit-profile Shortcode | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.4 | 2024-03-13 15:27:17 | Deep Dive |