Wp User Manager
Source repositories
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-60245 | Cri | 0.64 | 9.8 | 0.00 | Nov 6, 2025 | Deserialization of Untrusted Data vulnerability in WP User Manager WP User Manager wp-user-manager allows Object Injection.This issue affects WP User Manager: from n/a through <= 2.9.12. | ||
| CVE-2025-23843 | Hig | 0.46 | 7.1 | 0.00 | Mar 3, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphrmanager WP-HR Manager: The Human Resources Plugin for WordPress wp-hr-manager allows Reflected XSS.This issue affects WP-HR Manager: The Human Resources Plugin for… | ||
| CVE-2026-9290 | Hig | 0.42 | 7.5 | 0.02 | Jun 6, 2026 | The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via the (profile template scope) function. This makes it possible for unauthenticated attackers to include and… | ||
| CVE-2025-13320 | Med | 0.37 | 6.8 | 0.01 | Dec 12, 2025 | The WP User Manager plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 2.9.12. This is due to insufficient validation of user-supplied file paths in the profile update functionality combined with improper handling of array inputs… | ||
| CVE-2024-43336 | Med | 0.28 | 4.3 | 0.00 | Aug 26, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in WP User Manager WP User Manager wp-user-manager.This issue affects WP User Manager: from n/a through <= 2.9.10. | ||
| CVE-2024-10537 | 0.00 | — | 0.00 | Nov 23, 2024 | The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the validate_user_meta_key() function in all versions up to, and including, 2.9.11. This makes it possible for… | |||
| CVE-2024-10216 | 0.00 | — | 0.00 | Nov 23, 2024 | The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'add_sidebar' and 'remove_sidebar' functions in all versions up to, and including, 2.9.11. This makes it… |
- risk 0.64cvss 9.8epss 0.00
Deserialization of Untrusted Data vulnerability in WP User Manager WP User Manager wp-user-manager allows Object Injection.This issue affects WP User Manager: from n/a through <= 2.9.12.
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphrmanager WP-HR Manager: The Human Resources Plugin for WordPress wp-hr-manager allows Reflected XSS.This issue affects WP-HR Manager: The Human Resources Plugin for…
- risk 0.42cvss 7.5epss 0.02
The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via the (profile template scope) function. This makes it possible for unauthenticated attackers to include and…
- risk 0.37cvss 6.8epss 0.01
The WP User Manager plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 2.9.12. This is due to insufficient validation of user-supplied file paths in the profile update functionality combined with improper handling of array inputs…
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in WP User Manager WP User Manager wp-user-manager.This issue affects WP User Manager: from n/a through <= 2.9.10.
- CVE-2024-10537Nov 23, 2024risk 0.00cvss —epss 0.00
The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the validate_user_meta_key() function in all versions up to, and including, 2.9.11. This makes it possible for…
- CVE-2024-10216Nov 23, 2024risk 0.00cvss —epss 0.00
The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'add_sidebar' and 'remove_sidebar' functions in all versions up to, and including, 2.9.11. This makes it…