| CVE-2024-13368 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update | youzify | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | Medium | 4.3 | 2025-01-25 07:24:17 | Deep Dive |
| CVE-2024-12113 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress By KaineLabs <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Review Deletion | youzify | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | Medium | 4.3 | 2025-01-25 07:24:16 | Deep Dive |
| CVE-2025-0308 | Ultimate Member <= 2.9.1 - Unauthenticated SQL Injection | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | High | 7.5 | 2025-01-18 05:33:50 | Deep Dive |
| CVE-2025-0318 | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.9.1 - Information Exposure | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 5.3 | 2025-01-18 05:33:49 | Deep Dive |
| CVE-2024-10789 | WP User Profile Avatar <= 1.0.5 - Cross-Site Request Forgery to Settings Update | wpeventmanager | WP User Profile Avatar | Medium | 4.3 | 2025-01-16 03:27:23 | Deep Dive |
| CVE-2024-12738 | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.12.9 - Unauthenticated Stored Cross-Site Scripting | cozmoslabs | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | Medium | 6.1 | 2025-01-07 12:43:40 | Deep Dive |
| CVE-2024-54358 | WordPress 3D Avatar User Profile plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability | Enrico Cantori | 3D Avatar User Profile | High | 7.1 | 2024-12-16 14:31:37 | Deep Dive |
| CVE-2024-10518 | ProfilePress < 4.15.15 - Admin+ Stored XSS | Unknown | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content | Medium | - | 2024-12-12 06:00:18 | Deep Dive |
| CVE-2024-10517 | ProfilePress < 4.15.15 - Admin+ Stored XSS | Unknown | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content | Medium | - | 2024-12-12 06:00:17 | Deep Dive |
| CVE-2023-31073 | WordPress Shortcode to display post and user data plugin <= 1.2.0 - Broken Access Control vulnerability | Jose Vega | Display custom fields in the frontend – Post and User Profile Fields | Medium | 4.3 | 2024-12-09 11:31:00 | Deep Dive |
| CVE-2024-10681 | ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.51 - Authenticated (Subscriber+) Arbitrary Shortcode Execution | reputeinfosystems | ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | Medium | 6.3 | 2024-12-06 09:23:00 | Deep Dive |
| CVE-2024-11453 | WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout <= 1.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting | samdani | GS Pinterest Portfolio – Pins Grid, Masonry, User Profile, Popup & Board Widgets | Medium | 6.4 | 2024-12-03 07:34:54 | Deep Dive |
| CVE-2024-11083 | ProfilePress <= 4.15.18 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 5.3 | 2024-11-27 05:31:54 | Deep Dive |
| CVE-2024-10537 | WP User Manager – User Profile Builder & Membership <= 2.9.11 - Missing Authorization to Authenticated (Subscriber+) User Meta Key Enumeration | wpusermanager | WP User Manager – User Profile Builder & Membership | Medium | 4.3 | 2024-11-23 03:25:51 | Deep Dive |
| CVE-2024-10216 | WP User Manager – User Profile Builder & Membership <= 2.9.11 - Missing Authorization to Carbon Fields Custom Sidebar Addition/Removal | wpusermanager | WP User Manager – User Profile Builder & Membership | Medium | 4.3 | 2024-11-23 03:25:48 | Deep Dive |
| CVE-2024-10528 | Ultimate Member <= 2.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Profile Picture Update | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 4.3 | 2024-11-21 05:33:49 | Deep Dive |
| CVE-2024-9262 | User Meta – User Profile Builder and User management plugin <= 3.1.1 - Insecure Direct Object Reference to Sensitive Information Exposure | khaledsaikat | User Meta – User Profile Builder and User management plugin | Medium | 6.5 | 2024-11-09 02:03:03 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-9520 | UserPlus <= 2.0 - Missing Authorization via Multiple Functions | userplus | User registration & user profile – UserPlus | Medium | 6.3 | 2024-10-10 02:06:13 | Deep Dive |
| CVE-2024-9067 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.0 - Missing Authorization to Arbitrary (Subscriber+) Attachment Deletion | youzify | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | Medium | 4.3 | 2024-10-10 02:06:13 | Deep Dive |