VYPR

Wp User

by Wpseeds

Source repositories

CVEs (2)

  • CVE-2022-4049CriJan 2, 2023
    risk 0.64cvss 9.8epss 0.05

    The WP User WordPress plugin through 7.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.

  • CVE-2022-4519MedDec 15, 2022
    risk 0.36cvss 5.5epss 0.01

    The WP User plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…