Wp User Manager
Monthly
Arbitrary file deletion in the WordPress WP User Manager plugin versions 2.9.16 and earlier allows authenticated subscriber-level users to delete arbitrary files on the underlying server via a path traversal flaw. Successful exploitation can corrupt the WordPress installation and, when wp-config.php is targeted, force the site into setup mode enabling a takeover chain. No public exploit identified at time of analysis, but the CVSS 9.9 rating and low privilege requirement make this a priority patch for affected sites.
The WP User Manager - User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the validate_user_meta_key() function in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
The WP User Manager - User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'add_sidebar' and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
Arbitrary file deletion in the WordPress WP User Manager plugin versions 2.9.16 and earlier allows authenticated subscriber-level users to delete arbitrary files on the underlying server via a path traversal flaw. Successful exploitation can corrupt the WordPress installation and, when wp-config.php is targeted, force the site into setup mode enabling a takeover chain. No public exploit identified at time of analysis, but the CVSS 9.9 rating and low privilege requirement make this a priority patch for affected sites.
The WP User Manager - User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the validate_user_meta_key() function in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
The WP User Manager - User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'add_sidebar' and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.