Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Vulnerability List
Clear Filters
Found 204 results
CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2024-13121 Paid Membership Plugin < 4.15.20 - Admin+ Stored XSS UnknownPaid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content 中危 -2025-02-13 06:00:12 Deep Dive
CVE-2024-13119 ProfilePress < 4.15.20 - Admin+ Stored XSS UnknownPaid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content 中危 -2025-02-13 06:00:06 Deep Dive
CVE-2024-12037 Frontend Content Forms for User Submissions (UGC) <= 2.8.13 - Authenticated (Contributor+) Stored Cross-Site Scripting themekraftPost Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) Medium 6.4 2025-01-31 11:11:11 Deep Dive
CVE-2025-0308 Ultimate Member <= 2.9.1 - Unauthenticated SQL Injection ultimatememberUltimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin High 7.5 2025-01-18 05:33:50 Deep Dive
CVE-2025-0318 Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.9.1 - Information Exposure ultimatememberUltimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin Medium 5.3 2025-01-18 05:33:49 Deep Dive
CVE-2024-12738 User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.12.9 - Unauthenticated Stored Cross-Site Scripting cozmoslabsUser Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor Medium 6.1 2025-01-07 12:43:40 Deep Dive
CVE-2024-10518 ProfilePress < 4.15.15 - Admin+ Stored XSS UnknownPaid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content 中危 -2024-12-12 06:00:18 Deep Dive
CVE-2024-10517 ProfilePress < 4.15.15 - Admin+ Stored XSS UnknownPaid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content 中危 -2024-12-12 06:00:17 Deep Dive
CVE-2023-29429 WordPress User Registration plugin <= 2.3.2.1 - Broken Access Control vulnerability wpeverestUser Registration Medium 5.3 2024-12-09 11:31:10 Deep Dive
CVE-2024-53810 WordPress Simple User Registration plugin <= 5.5 - Broken Access Control on User Deletion vulnerability N-MediaSimple User Registration Critical 9.1 2024-12-06 13:07:38 Deep Dive
CVE-2024-11083 ProfilePress <= 4.15.18 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure properfractionPaid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress Medium 5.3 2024-11-27 05:31:54 Deep Dive
CVE-2024-11818 PHPGurukul User Registration & Login and User Management System signup.php sql injection PHPGurukulUser Registration & Login and User Management System High 7.3 2024-11-26 23:31:05 Deep Dive
CVE-2024-11817 PHPGurukul User Registration & Login and User Management System index.php sql injection PHPGurukulUser Registration & Login and User Management System High 7.3 2024-11-26 23:00:10 Deep Dive
CVE-2024-10528 Ultimate Member <= 2.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Profile Picture Update ultimatememberUltimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin Medium 4.3 2024-11-21 05:33:49 Deep Dive
CVE-2024-10508 RegistrationMagic – User Registration Plugin with Custom Registration Forms <= 6.0.2.6 - Unauthenticated Privilege Escalation via Password Recovery metagaussRegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login Critical 9.8 2024-11-09 07:35:08 Deep Dive
CVE-2024-49604 WordPress Simple User Registration plugin <= 6.7 - Broken Authentication vulnerability N-MediaSimple User Registration Critical 9.8 2024-10-20 07:56:33 Deep Dive
CVE-2022-4974 Freemius SDK <= 2.4.2 - Missing Authorization Checks dashlabsltdYASR – Yet Another Star Rating Plugin for WordPress Medium 6.3 2024-10-16 06:43:30 Deep Dive
CVE-2024-9873 Community by PeepSo <= 6.4.6.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting peepsoCommunity by PeepSo – Download from PeepSo.com Medium 5.4 2024-10-16 05:31:56 Deep Dive
CVE-2024-8757 Boost Your Blog's Engagement with WP Post Author <= 3.8.1 - Authenticated (Administrator+) SQL Injection afthemesWP Post Author – Author Box, Multiple Authors, Guest Authors & Custom Avatars High 7.2 2024-10-12 09:39:19 Deep Dive
CVE-2024-9520 UserPlus <= 2.0 - Missing Authorization via Multiple Functions userplusUser registration & user profile – UserPlus Medium 6.3 2024-10-10 02:06:13 Deep Dive