Vulnerability List - Page 20

Found 623 results
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2023-6969 | User Shortcodes Plus <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via user_meta Shortcode | kbjohnson90 | User Shortcodes Plus | Medium | 4.3 | 2024-03-13 15:26:57 |
| CVE-2024-1409 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.4 | 2024-03-13 15:26:49 |
| CVE-2024-1535 | ProfilePress <= 4.15.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.4 | 2024-03-13 15:26:44 |
| CVE-2024-1158 | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization | themekraft | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | Medium | 4.3 | 2024-03-13 15:26:35 |
| CVE-2024-1071 | WordPress Plugin Ultimate Member Security Vulnerability | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Critical | 9.8 | 2024-03-13 15:26:32 |
| CVE-2024-2123 | Ultimate Member <= 2.8.3 - Unauthenticated Stored Cross-Site Scripting | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | High | 7.2 | 2024-03-13 09:35:15 |
| CVE-2023-7247 | Login as User or Customer <= 3.8 - Admin Account Takeover | Unknown | Login as User or Customer | - | - | 2024-03-11 17:56:06 |
| CVE-2024-1290 | Formidable Registration < 2.12 - Contributor+ Arbitrary User Password Reset To Account Takeover | Unknown | User Registration | - | - | 2024-03-11 17:56:06 |
| CVE-2024-2265 | keerti1924 PHP-MYSQL-User-Login-System login.sql inclusion of sensitive information in source code | keerti1924 | PHP-MYSQL-User-Login-System | Medium | 5.3 | 2024-03-07 21:31:05 |
| CVE-2024-2264 | keerti1924 PHP-MYSQL-User-Login-System login.php sql injection | keerti1924 | PHP-MYSQL-User-Login-System | High | 7.3 | 2024-03-07 21:00:07 |
| CVE-2024-1169 | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization to Unauthenticated Media Upload | themekraft | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | High | 7.5 | 2024-03-07 11:01:58 |
| CVE-2024-1170 | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization to Unauthenticated Media Deletion | themekraft | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | High | 8.2 | 2024-03-07 11:01:58 |
| CVE-2024-1720 | User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.4 - Unauthenticated Stored Self-Based Cross-Site Scripting | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 4.7 | 2024-03-07 05:32:39 |
| CVE-2024-1861 | Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan <= 4.52 - Missing Authorization to Authenticated (Subscriber+) Table Truncation | sminozzi | Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan | Medium | 4.3 | 2024-02-28 09:33:35 |
| CVE-2024-1860 | Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan <= 4.51 - Missing Authorization to Unauthenticated IP Address Whitelist | sminozzi | Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan | Medium | 6.5 | 2024-02-28 09:33:34 |
| CVE-2024-0903 | User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds <= 1.0.13 - Unauthenticated Stored Cross-Site Scripting | smub | UserFeedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds | Medium | 5.4 | 2024-02-22 05:32:49 |
| CVE-2024-1702 | keerti1924 PHP-MYSQL-User-Login-System edit.php sql injection | keerti1924 | PHP-MYSQL-User-Login-System | Medium | 6.3 | 2024-02-21 16:31:05 |
| CVE-2024-1701 | keerti1924 PHP-MYSQL-User-Login-System edit.php access control | keerti1924 | PHP-MYSQL-User-Login-System | Medium | 5.3 | 2024-02-21 15:31:06 |
| CVE-2024-1700 | keerti1924 PHP-MYSQL-User-Login-System signup.php cross site scripting | keerti1924 | PHP-MYSQL-User-Login-System | Medium | 4.3 | 2024-02-21 15:31:05 |
| CVE-2024-1408 | ProfilePress <= 4.14.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via [edit-profile-text-box] shortcode | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.4 | 2024-02-20 18:56:34 |