VYPR

Wordpress Users

by WordPress

Source repositories

CVEs (2)

  • CVE-2023-6390HigJan 29, 2024
    risk 0.57cvss 8.8epss 0.00

    The WordPress Users WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.

  • CVE-2011-4669Dec 2, 2011
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in wp-users.php in WordPress Users plugin 1.3 and possibly earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the uid parameter to index.php.