VYPR

WP Remote Users Sync

by WordPress

Source repositories

CVEs (2)

  • CVE-2023-3958HigAug 16, 2023
    risk 0.48cvss 8.5epss 0.01

    The WP Remote Users Sync plugin for WordPress is vulnerable to Server Side Request Forgery via the 'notify_ping_remote' AJAX function in versions up to, and including, 1.2.12. This can allow authenticated attackers with subscriber-level permissions or above to make web requests…

  • CVE-2023-4374MedAug 16, 2023
    risk 0.21cvss 4.3epss 0.01

    The WP Remote Users Sync plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'refresh_logs_async' functions in versions up to, and including, 1.2.11. This makes it possible for authenticated attackers…