| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-15318 | Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools. | Tanium | End-User Notifications Endpoint Tools | Medium | 5.5 | 2026-02-09 22:56:27 | Deep Dive |
| CVE-2026-1271 | ProfileGrid <= 5.9.7.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Profile and Cover Image Modification | metagauss | ProfileGrid – User Profiles, Groups and Communities | Medium | 5.3 | 2026-02-05 09:13:45 | Deep Dive |
| CVE-2025-13416 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.7.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Suspension | metagauss | ProfileGrid – User Profiles, Groups and Communities | Medium | 4.3 | 2026-02-05 08:25:44 | Deep Dive |
| CVE-2026-24986 | WordPress Simple Membership WP user Import plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability | wp.insider | Simple Membership WP user Import | - | - | 2026-02-03 14:08:36 | Deep Dive |
| CVE-2025-15030 | User Profile Builder < 3.15.2 - Unauthenticated Arbitrary Password Reset | Unknown | User Profile Builder | - | - | 2026-02-02 06:00:02 | Deep Dive |
| CVE-2020-36945 | WebDamn User Registration & Login System with User Panel - SQLi Auth Bypass | WEBDAMN.COM | WebDamn User Registration & Login System with User Panel | High | 8.2 | 2026-01-28 17:35:07 | Deep Dive |
| CVE-2026-0844 | Simple User Registration <= 6.7 - Authenticated (Subscriber+) Privilege Escalation via profile_save_field | nmedia | Simple User Registration | High | 8.8 | 2026-01-28 11:23:40 | Deep Dive |
| CVE-2026-1054 | RegistrationMagic <= 6.0.7.4 - Missing Authorization to Unauthenticated Arbitrary Settings Modification | metagauss | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | Medium | 5.3 | 2026-01-28 07:27:35 | Deep Dive |
| CVE-2026-0832 | New User Approve <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary User Approval, Denial, and Information Disclosure | saadiqbal | New User Approve | High | 7.3 | 2026-01-28 06:43:46 | Deep Dive |
| CVE-2025-13471 | User Activity Log <= 2.2 - Unauthenticated Limited Arbitrary Option Update | Unknown | User Activity Log | - | - | 2026-01-28 06:00:04 | Deep Dive |
| CVE-2026-0800 | User Submitted Posts – Enable Users to Submit Posts from the Front End <= 20251210 - Unauthenticated Stored Cross-Site Scripting via Custom Field | specialk | User Submitted Posts – Enable Users to Submit Posts from the Front End | High | 7.2 | 2026-01-24 08:26:32 | Deep Dive |
| CVE-2026-1070 | Alex User Counter <= 6.0 - Cross-Site Request Forgery to Settings Update | adzbierajewski | Alex User Counter | Medium | 4.3 | 2026-01-24 07:26:41 | Deep Dive |
| CVE-2026-24353 | WordPress User Registration plugin <= 4.4.9 - Arbitrary Shortcode Execution vulnerability | wpeverest | User Registration | Medium | 4.3 | 2026-01-22 16:52:43 | Deep Dive |
| CVE-2025-69293 | WordPress Final User plugin <= 1.2.5 - Privilege Escalation vulnerability | e-plugins | Final User | - | - | 2026-01-22 16:52:31 | Deep Dive |
| CVE-2025-69187 | WordPress Final User plugin <= 1.2.5 - Broken Access Control vulnerability | e-plugins | Final User | - | - | 2026-01-22 16:52:30 | Deep Dive |
| CVE-2025-67956 | WordPress User Registration plugin <= 4.4.6 - Broken Access Control vulnerability | wpeverest | User Registration | - | - | 2026-01-22 16:51:56 | Deep Dive |
| CVE-2025-12825 | User Registration Using Contact Form 7 <= 2.5 - Authenticated (Subscriber+) Information Exposure | zealopensource | User Registration Using Contact Form 7 | Medium | 5.3 | 2026-01-17 04:34:02 | Deep Dive |
| CVE-2025-15403 | RegistrationMagic <= 6.0.7.1 - Unauthenticated Privilege Escalation via admin_order | metagauss | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | Critical | 9.8 | 2026-01-17 02:22:32 | Deep Dive |
| CVE-2026-0913 | User Submitted Posts <= 20260110 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'usp_access' Shortcode | specialk | User Submitted Posts – Enable Users to Submit Posts from the Front End | Medium | 6.4 | 2026-01-16 08:23:38 | Deep Dive |
| CVE-2026-0510 | Obsolete Encryption Algorithm Used in NW AS Java UME User Mapping | SAP_SE | NW AS Java UME User Mapping | Low | 3.0 | 2026-01-13 01:15:44 | Deep Dive |