| CVE-2025-8896 | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.14.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting | cozmoslabs | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | Medium | 6.4 | 2025-08-16 06:39:22 | Deep Dive |
| CVE-2025-7688 | Add User Meta <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting | jason-lau | Add User Meta | Medium | 6.1 | 2025-08-15 08:25:39 | Deep Dive |
| CVE-2025-49048 | WordPress Inspectlet – User Session Recording and Heatmaps plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability | inspectlet | Inspectlet – User Session Recording and Heatmaps | Medium | 5.9 | 2025-08-14 10:34:19 | Deep Dive |
| CVE-2025-49064 | WordPress User Language Switch plugin <= 1.6.10 - Reflected Cross Site Scripting (XSS) vulnerability | Webilop | User Language Switch | High | 7.1 | 2025-08-14 10:34:12 | Deep Dive |
| CVE-2025-8158 | PHPGurukul Login and User Management System yesterday-reg-users.php sql injection | PHPGurukul | Login and User Management System | Medium | 6.3 | 2025-07-25 13:32:06 | Deep Dive |
| CVE-2025-8157 | PHPGurukul User Registration & Login and User Management lastthirtyays-reg-users.php sql injection | PHPGurukul | User Registration & Login and User Management | Medium | 6.3 | 2025-07-25 13:02:07 | Deep Dive |
| CVE-2025-8156 | PHPGurukul User Registration & Login and User Management lastsevendays-reg-users.php sql injection | PHPGurukul | User Registration & Login and User Management | Medium | 6.3 | 2025-07-25 12:32:07 | Deep Dive |
| CVE-2025-6831 | User Registration <= 4.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via urcr_restrict Shortcode | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 6.4 | 2025-07-22 01:44:28 | Deep Dive |
| CVE-2025-6222 | WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet <= 3.2.6 - Unauthenticated Arbitrary File Upload | WP Swings | WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet | Critical | 9.8 | 2025-07-18 05:23:57 | Deep Dive |
| CVE-2025-4302 | Stop User Enumeration < 1.7.3 - Protection Bypass | Unknown | Stop User Enumeration | - | - | 2025-07-17 07:37:12 | Deep Dive |
| CVE-2025-6977 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.5.4 - Reflected Cross-Site Scripting via 'pm_get_messenger_notification' function | metagauss | ProfileGrid – User Profiles, Groups and Communities | Medium | 6.1 | 2025-07-16 04:24:03 | Deep Dive |
| CVE-2025-30758 | Oracle Siebel CRM 信息泄露漏洞 | Oracle Corporation | Siebel CRM End User | Medium | 5.3 | 2025-07-15 19:27:32 | Deep Dive |
| CVE-2025-7543 | PHPGurukul User Registration & Login and User Management System manage-users.php sql injection | PHPGurukul | User Registration & Login and User Management System | Medium | 6.3 | 2025-07-13 21:14:07 | Deep Dive |
| CVE-2025-7542 | PHPGurukul User Registration & Login and User Management System user-profile.php sql injection | PHPGurukul | User Registration & Login and User Management System | High | 7.3 | 2025-07-13 21:02:07 | Deep Dive |
| CVE-2025-28988 | WordPress WP Front User Submit / Front Editor plugin <= 4.9.3 - Reflected Cross Site Scripting (XSS) vulnerability | aharonyan | WP Front User Submit / Front Editor | High | 7.1 | 2025-06-27 11:52:42 | Deep Dive |
| CVE-2025-4334 | Simple User Registration <= 6.3 - Unauthenticated Privilege Escalation | nmedia | Simple User Registration | Critical | 9.8 | 2025-06-26 02:06:35 | Deep Dive |
| CVE-2024-3511 | Incorrect Authorization in Multiple WSO2 Products Allows Unauthorized Access to Registry Versioned Files | WSO2 | WSO2 Enterprise Integrator | Medium | 4.3 | 2025-06-23 08:47:55 | Deep Dive |
| CVE-2025-49980 | WordPress WP User Profile Avatar plugin <= 1.0.6 - Broken Access Control Vulnerability | WP Event Manager | WP User Profile Avatar | Medium | 4.3 | 2025-06-20 15:04:13 | Deep Dive |
| CVE-2025-49981 | WordPress User Roles and Capabilities plugin <= 1.2.6 - Broken Access Control Vulnerability | mahabub81 | User Roles and Capabilities | Medium | 4.3 | 2025-06-20 15:04:13 | Deep Dive |
| CVE-2025-52792 | WordPress WP User Stylesheet Switcher plugin <= v2.2.0 - Cross Site Request Forgery (CSRF) Vulnerability | vgstef | WP User Stylesheet Switcher | High | 7.1 | 2025-06-20 15:03:42 | Deep Dive |