CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52403 – WordPress User Management plugin <= 1.1 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52403
Unrestricted Upload of File with Dangerous Type vulnerability in WPExperts User Management allows Upload a Web Shell to a Web Server.This issue affects User Management: from n/a through 1.1. The User Management plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/user-management/wordpress-user-management-plugin-1-1-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40851
https://notcve.org/view.php?id=CVE-2023-40851
Cross Site Scripting (XSS) vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to run arbitrary code via fname, lname, email, and contact fields of the user registration page. Vulnerabilidad de Cross Site Scripting (XSS) en Phpgurukul User Registration & Login y User Management System con el panel de administración 3.0 permite a los atacantes ejecutar código arbitrario a través de los campos fname, lname, correo electrónico y contacto de la página de registro de usuario. • https://www.exploit-db.com/exploits/51694 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40852
https://notcve.org/view.php?id=CVE-2023-40852
SQL Injection vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to obtain sensitive information via crafted string in the admin user name field on the admin log in page. Vulnerabilidad de inyección SQL en Phpgurukul User Registration & Login y User Management System con el panel de administración 3.0 permite a los atacantes obtener información confidencial a través de una cadena manipulada en el campo de nombre de usuario administrador en la página de inicio de sesión del administrador. • https://www.exploit-db.com/exploits/51695 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27225
https://notcve.org/view.php?id=CVE-2023-27225
A cross-site scripting (XSS) vulnerability in User Registration & Login and User Management System with Admin Panel v3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the first and last name field. • https://medium.com/%40ridheshgohil1092/my-first-cve-2023-27225-f232650f6cde https://packetstormsecurity.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-34648
https://notcve.org/view.php?id=CVE-2023-34648
A Cross Site Scripting vulnerability in PHPgurukl User Registration Login and User Management System with admin panel v.1.0 allows a local attacker to execute arbitrary code via a crafted script to the signup.php. • https://github.com/ckalnarayan/Common-Vulnerabilities-and-Exposures/blob/main/CVE-2023-34648 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •