Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Unauthenticated network write to plugin option with no confidentiality or availability impact on the direct action; downstream credential exposure is a chained risk, not the base vulnerability's direct impact.
Primary rating from Vendor (Wordfence).
CVSS VectorVendor: Wordfence
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
The User Management plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to modify the plugin's export field configuration stored in the uiewp_export_field option, controlling which user fields such as password hashes are included in CSV exports and how columns are mapped during imports.
AnalysisAI
Authorization bypass in the User Management WordPress plugin (versions ≤ 1.2) permits unauthenticated network attackers to overwrite the plugin's export field configuration stored in the uiewp_export_field WordPress option, determining which user fields - including password hashes - are bundled into CSV exports and how columns are interpreted during user imports. Reported by Wordfence, the flaw stems from CWE-862 (Missing Authorization), meaning the plugin performs no privilege check before accepting these writes. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | No authentication is required - the CVSS vector PR:N confirms the handler accepts unauthenticated requests. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) captures the direct, unauthenticated, low-complexity nature of the write but scores C:N - which reflects only the immediate action of modifying a configuration option, not the downstream exposure of password hashes that becomes possible once that configuration is set. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unauthenticated attacker sends a crafted HTTP POST request to the WordPress site targeting the plugin's unguarded configuration handler, setting the uiewp_export_field option to include the user_pass field. When a site administrator later navigates to the plugin's export page and downloads the user CSV - a routine administrative task - the file contains bcrypt-hashed passwords for all registered users, which the attacker can retrieve if they also have read access to the export download URL or can socially engineer the CSV file. … |
| Remediation | No vendor-released patched version has been identified in the available intelligence; version 1.2 is the latest confirmed affected release and no successor tag appears in the referenced Subversion repository. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in User Management
View allVulnerability in Oracle E-Business Suite (component: Manage Proxies). Rated high severity (CVSS 7.5), this vulnerability
Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1, as demonstrated by a .jpg filen
Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Search and Register Users). R
Vulnerability in the Oracle User Management component of Oracle E-Business Suite (subcomponent: Reports). Rated medium s
The TechTime User Management components for Atlassian products allow stored XSS on the Bulk User Actions page. Rated med
Vulnerability in the Oracle User Management component of Oracle E-Business Suite (subcomponent: Proxy User Delegation).
Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Proxy User Delegation). Rated
Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Proxy User Delegation). Rated
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42169
GHSA-fm3p-77j7-xv3w