Skip to main content

User Extra Fields

2 CVEs product

Monthly

CVE-2024-11150 CRITICAL Act Now

The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal PHP WordPress User Extra Fields
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-10800 HIGH This Week

The WordPress User Extra Fields plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the ajax_save_fields() function in all versions up to, and including,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation User Extra Fields
NVD
CVSS 3.1
8.8
EPSS
0.8%
EPSS 1% CVSS 9.8
CRITICAL Act Now

The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal PHP +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The WordPress User Extra Fields plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the ajax_save_fields() function in all versions up to, and including,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy