Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Vulnerability List
Clear Filters
Found 189 results
CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2022-3384 Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Admin+) Limited Remote Code Execution via um_populate_dropdown_options ultimatememberUltimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin High 7.2 2022-11-29 20:39:57 Deep Dive
CVE-2022-3361 Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Contributor+) Directory Traversal via Shortcodes ultimatememberUltimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin Medium 4.3 2022-11-29 20:39:44 Deep Dive
CVE-2021-36915 WordPress Profile Builder plugin <= 3.6.0 - Cross-Site Request Forgery (CSRF) vulnerability CozmoslabsProfile Builder – User Profile & User Registration Forms (WordPress plugin) Medium 4.2 2022-10-11 19:34:00 Deep Dive
CVE-2022-1950 Youzify < 1.2.0 - Unauthenticated SQLi UnknownYouzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress 超危 -2022-08-01 12:49:04 Deep Dive
CVE-2021-24655 WP User Manager < 2.6.3 - Arbitrary User Password Reset to Account Compromise UnknownWP User Manager – User Profile Builder & Membership 高危 -2022-07-17 10:35:28 Deep Dive
CVE-2022-1903 ARMember < 3.4.8 - Unauthenticated Admin Account Takeover UnknownARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup 高危 -2022-06-27 08:58:19 Deep Dive
CVE-2022-1208 Ultimate Member <= 2.3.2 - Stored Cross-Site Scripting ultimatememberUltimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin Medium 6.4 2022-06-13 12:43:38 Deep Dive
CVE-2022-0779 User Meta < 2.4.4 - Subscriber+ Local File Enumeration via Path Traversal UnknownUser Meta – User Profile Builder and User management plugin 中危 -2022-06-06 08:50:49 Deep Dive
CVE-2022-0376 User Meta < 2.4.3 - Admin+ Stored Cross-Site Scripting UnknownUser Meta – User Profile Builder and User management plugin 中危 -2022-05-30 08:35:34 Deep Dive
CVE-2022-1209 Ultimate Member <= 2.3.1 - Arbitrary Redirect ultimatememberUltimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin Medium 4.3 2022-05-10 19:34:42 Deep Dive
CVE-2022-0884 Profile Builder < 3.6.8 - Admin+ Stored Cross-Site Scripting UnknownProfile Builder – User Profile & User Registration Forms 中危 -2022-04-04 15:35:55 Deep Dive
CVE-2022-0442 UsersWP < 1.2.3.1 - Subscriber+ User Avatar Override UnknownUsersWP – User Registration & User Profile 中危 -2022-03-07 08:16:45 Deep Dive
CVE-2021-25034 WP User < 7.0 - Reflected Cross-Site Scripting UnknownWP User – Custom Registration Forms, Login and User Profile 中危 -2022-02-28 09:06:32 Deep Dive
CVE-2022-0653 Profile Builder – User Profile & User Registration Forms <= 3.6.1 Reflected Cross-Site Scripting CozmoslabsProfile Builder – User Profile & User Registration Forms Medium 6.1 2022-02-24 18:27:05 Deep Dive
CVE-2021-25076 WP User Frontend < 3.5.26 - SQL Injection to Reflected Cross-Site Scripting UnknownWP User Frontend – Membership, Profile, Registration & Post Submission Plugin for WordPress 高危 -2022-01-24 08:01:24 Deep Dive
CVE-2021-24955 ProfilePress < 3.2.3 - Reflected Cross-Site Scripting UnknownUser Registration, Login Form, User Profile & Membership – ProfilePress (Formerly WP User Avatar) 中危 -2021-12-13 10:41:29 Deep Dive
CVE-2021-24954 ProfilePress < 3.2.3 - Reflected Cross-Site Scripting UnknownUser Registration, Login Form, User Profile & Membership – ProfilePress (Formerly WP User Avatar) 中危 -2021-12-13 10:41:28 Deep Dive
CVE-2021-24731 Pie Register < 3.7.1.6 - Unauthenticated SQL Injection UnknownRegistration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes 超危 -2021-11-08 17:35:16 Deep Dive
CVE-2021-24647 Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login UnknownRegistration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes 高危 -2021-11-08 17:34:57 Deep Dive
CVE-2021-24675 One User Avatar < 2.3.7 - Avatar Update via CSRF UnknownOne User Avatar | User Profile Picture 中危 -2021-10-18 13:45:55 Deep Dive