Skip to main content

Wp Useronline

3 CVEs product

Monthly

CVE-2023-5560 MEDIUM POC This Month

The WP-UserOnline WordPress plugin before 2.88.3 does not sanitise and escape the X-Forwarded-For header before outputting its content on the page, which allows unauthenticated users to perform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Useronline
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-2941 MEDIUM POC PATCH This Month

The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting vulnerabilities in versions up to, and including 2.88.0. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Wp Useronline
NVD GitHub Exploit-DB VulDB
CVSS 3.1
5.5
EPSS
4.9%
CVE-2022-2473 MEDIUM POC PATCH This Month

The WP-UserOnline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘templates[browsingpage][text]' parameter in versions up to, and including, 2.87.6 due to insufficient. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Wp Useronline
NVD Exploit-DB VulDB
CVSS 3.1
5.5
EPSS
1.0%
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The WP-UserOnline WordPress plugin before 2.88.3 does not sanitise and escape the X-Forwarded-For header before outputting its content on the page, which allows unauthenticated users to perform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Useronline
NVD WPScan
EPSS 5% CVSS 5.5
MEDIUM POC PATCH This Month

The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting vulnerabilities in versions up to, and including 2.88.0. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Wp Useronline
NVD GitHub Exploit-DB VulDB
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

The WP-UserOnline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘templates[browsingpage][text]' parameter in versions up to, and including, 2.87.6 due to insufficient. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Wp Useronline
NVD Exploit-DB VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy