2 results (0.004 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Missing Authorization vulnerability in AyeCode Ltd UsersWP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UsersWP: from n/a through 1.2.15. The UsersWP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activation_redirect() function in versions up to, and including, 1.2.15. This makes it possible for unauthenticated attackers to trigger the activation redirect. • https://patchstack.com/database/vulnerability/userswp/wordpress-userswp-plugin-1-2-15-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Cross-Site Request Forgery (CSRF) vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a before 1.2.6. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en AyeCode Ltd UsersWP. Este problema afecta a UsersWP: desde n/a antes de 1.2.6. The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.4. This is due to missing or incorrect nonce validation on an unknown function. • https://patchstack.com/database/vulnerability/userswp/wordpress-userswp-front-end-login-form-user-registration-user-profile-members-directory-plugin-for-wordpress-plugin-1-2-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •