Skip to main content

User Management

9 CVEs product

Monthly

CVE-2026-12097 MEDIUM This Month

Authorization bypass in the User Management WordPress plugin (versions ≤ 1.2) permits unauthenticated network attackers to overwrite the plugin's export field configuration stored in the uiewp_export_field WordPress option, determining which user fields - including password hashes - are bundled into CSV exports and how columns are interpreted during user imports. Reported by Wordfence, the flaw stems from CWE-862 (Missing Authorization), meaning the plugin performs no privilege check before accepting these writes. No public exploit code and no CISA KEV listing have been identified at time of analysis; however, the ability to preconfigure exports to surface password hashes represents a meaningful secondary confidentiality risk beyond the raw CVSS 5.3 Medium score.

Authentication Bypass WordPress User Management
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-30708 HIGH This Week

Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Search and Register Users). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass User Management
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-36662 MEDIUM This Month

The TechTime User Management components for Atlassian products allow stored XSS on the Bulk User Actions page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian User Management
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-21997 MEDIUM This Month

Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Proxy User Delegation). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass User Management
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-21500 HIGH POC PATCH THREAT This Week

Vulnerability in Oracle E-Business Suite (component: Manage Proxies). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle E Business Suite User Management
NVD
CVSS 3.1
7.5
EPSS
70.6%
CVE-2021-2017 MEDIUM This Month

Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Proxy User Delegation). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Enterprise Data Quality Retail Invoice Matching User Management
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2018-18419 MEDIUM POC This Month

Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1, as demonstrated by a .jpg filename to the /account URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS User Management
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
1.6%
CVE-2018-3236 MEDIUM PATCH This Month

Vulnerability in the Oracle User Management component of Oracle E-Business Suite (subcomponent: Reports). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass User Management
NVD
CVSS 3.0
6.5
EPSS
2.0%
CVE-2018-2691 MEDIUM PATCH This Month

Vulnerability in the Oracle User Management component of Oracle E-Business Suite (subcomponent: Proxy User Delegation). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass User Management
NVD
CVSS 3.0
5.4
EPSS
0.9%
EPSS 0% CVSS 5.3
MEDIUM This Month

Authorization bypass in the User Management WordPress plugin (versions ≤ 1.2) permits unauthenticated network attackers to overwrite the plugin's export field configuration stored in the uiewp_export_field WordPress option, determining which user fields - including password hashes - are bundled into CSV exports and how columns are interpreted during user imports. Reported by Wordfence, the flaw stems from CWE-862 (Missing Authorization), meaning the plugin performs no privilege check before accepting these writes. No public exploit code and no CISA KEV listing have been identified at time of analysis; however, the ability to preconfigure exports to surface password hashes represents a meaningful secondary confidentiality risk beyond the raw CVSS 5.3 Medium score.

Authentication Bypass WordPress User Management
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Search and Register Users). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass User Management
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

The TechTime User Management components for Atlassian products allow stored XSS on the Bulk User Actions page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian User Management
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Proxy User Delegation). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass User Management
NVD
EPSS 71% CVSS 7.5
HIGH POC PATCH THREAT This Week

Vulnerability in Oracle E-Business Suite (component: Manage Proxies). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle E Business Suite +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Proxy User Delegation). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Enterprise Data Quality +2
NVD
EPSS 2% CVSS 5.4
MEDIUM POC This Month

Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1, as demonstrated by a .jpg filename to the /account URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS User Management
NVD Exploit-DB
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the Oracle User Management component of Oracle E-Business Suite (subcomponent: Reports). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass User Management
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Vulnerability in the Oracle User Management component of Oracle E-Business Suite (subcomponent: Proxy User Delegation). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass User Management
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy