CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22736 – WordPress User Management plugin <= 1.2 - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2025-22736
14 Jan 2025 — Incorrect Privilege Assignment vulnerability in WPExperts User Management allows Privilege Escalation.This issue affects User Management: from n/a through 1.2. The User Management plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator. • https://patchstack.com/database/wordpress/plugin/user-management/vulnerability/wordpress-user-management-plugin-1-2-privilege-escalation-vulnerability?_s_id=cve • CWE-266: Incorrect Privilege Assignment •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52403 – WordPress User Management plugin <= 1.1 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52403
13 Nov 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in WPExperts User Management allows Upload a Web Shell to a Web Server.This issue affects User Management: from n/a through 1.1. The User Management plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which ... • https://patchstack.com/database/vulnerability/user-management/wordpress-user-management-plugin-1-1-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40851
https://notcve.org/view.php?id=CVE-2023-40851
16 Oct 2023 — Cross Site Scripting (XSS) vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to run arbitrary code via fname, lname, email, and contact fields of the user registration page. Vulnerabilidad de Cross Site Scripting (XSS) en Phpgurukul User Registration & Login y User Management System con el panel de administración 3.0 permite a los atacantes ejecutar código arbitrario a través de los campos fname, lname, correo electrónico y contacto de... • https://www.exploit-db.com/exploits/51694 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40852
https://notcve.org/view.php?id=CVE-2023-40852
16 Oct 2023 — SQL Injection vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to obtain sensitive information via crafted string in the admin user name field on the admin log in page. Vulnerabilidad de inyección SQL en Phpgurukul User Registration & Login y User Management System con el panel de administración 3.0 permite a los atacantes obtener información confidencial a través de una cadena manipulada en el campo de nombre de usuario administrador... • https://www.exploit-db.com/exploits/51695 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27225
https://notcve.org/view.php?id=CVE-2023-27225
06 Jul 2023 — A cross-site scripting (XSS) vulnerability in User Registration & Login and User Management System with Admin Panel v3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the first and last name field. • https://medium.com/%40ridheshgohil1092/my-first-cve-2023-27225-f232650f6cde • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34648
https://notcve.org/view.php?id=CVE-2023-34648
29 Jun 2023 — A Cross Site Scripting vulnerability in PHPgurukl User Registration Login and User Management System with admin panel v.1.0 allows a local attacker to execute arbitrary code via a crafted script to the signup.php. • https://github.com/ckalnarayan/Common-Vulnerabilities-and-Exposures/blob/main/CVE-2023-34648 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33591
https://notcve.org/view.php?id=CVE-2023-33591
21 Jun 2023 — User Registration & Login and User Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-result.php. • https://github.com/DARSHANAGUPTA10/CVE/blob/main/CVE%202023-33591 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-43097
https://notcve.org/view.php?id=CVE-2022-43097
05 Dec 2022 — Phpgurukul User Registration & User Management System v3.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration form & login pages. Phpgurukul User Registration & User Management System v3.0 contiene múltiples vulnerabilidades de cross site scripting (XSS) almacenado a través de los parámetros firstname y lastname del formulario de registro y de páginas de inicio de sesión. • https://github.com/nibin-m/CVE-2022-43097 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26800
https://notcve.org/view.php?id=CVE-2021-26800
16 Dec 2021 — Cross Site Request Forgery (CSRF) vulnerability in Change-password.php in phpgurukul user management system in php using stored procedure V1.0, allows attackers to change the password to an arbitrary account. Una vulnerabilidad de tipo Cross Site Request Forgery (CSRF) en el archivo Change-password.php en phpgurukul user management system in php usando procedimiento de almacenamiento versión V1.0, permite a atacantes cambiar la contraseña a una cuenta arbitraria • https://gist.github.com/Kavisha3/59dac95b268f0d32eab53e659ab59311 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-23051
https://notcve.org/view.php?id=CVE-2020-23051
22 Oct 2021 — Phpgurukul User Registration & User Management System v2.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration form & loginsystem input fields. Se ha detectado que Phpgurukul User Registration & User Management System versión v2.0, contiene múltiples vulnerabilidades de tipo cross-site scripting (XSS) almacenado por medio de los parámetros firstname y lastname de los campos de entrada registration form y login... • https://www.vulnerability-lab.com/get_content.php?id=2216 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •