CVSS: 5.3EPSS: %CPEs: 1EXPL: 0CVE-2024-43277 – UsersWP <= 1.2.15 - Missing Authorization
https://notcve.org/view.php?id=CVE-2024-43277
The UsersWP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activation_redirect() function in versions up to, and including, 1.2.15. This makes it possible for unauthenticated attackers to trigger the activation redirect. • CWE-862: Missing Authorization •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31936 – WordPress UsersWP plugin < 1.2.6 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31936
Cross-Site Request Forgery (CSRF) vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a before 1.2.6. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en AyeCode Ltd UsersWP. Este problema afecta a UsersWP: desde n/a antes de 1.2.6. The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.4. This is due to missing or incorrect nonce validation on an unknown function. • https://patchstack.com/database/vulnerability/userswp/wordpress-userswp-front-end-login-form-user-registration-user-profile-members-directory-plugin-for-wordpress-plugin-1-2-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •