VYPR

Wp User Manager

by Wpusermanager

Source repositories

CVEs (7)

  • CVE-2025-60245CriNov 6, 2025
    risk 0.64cvss 9.8epss 0.00

    Deserialization of Untrusted Data vulnerability in WP User Manager WP User Manager wp-user-manager allows Object Injection.This issue affects WP User Manager: from n/a through <= 2.9.12.

  • CVE-2025-23843HigMar 3, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphrmanager WP-HR Manager: The Human Resources Plugin for WordPress wp-hr-manager allows Reflected XSS.This issue affects WP-HR Manager: The Human Resources Plugin for…

  • CVE-2026-9290HigJun 6, 2026
    risk 0.42cvss 7.5epss 0.02

    The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via the (profile template scope) function. This makes it possible for unauthenticated attackers to include and…

  • CVE-2025-13320MedDec 12, 2025
    risk 0.37cvss 6.8epss 0.01

    The WP User Manager plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 2.9.12. This is due to insufficient validation of user-supplied file paths in the profile update functionality combined with improper handling of array inputs…

  • CVE-2024-43336MedAug 26, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in WP User Manager WP User Manager wp-user-manager.This issue affects WP User Manager: from n/a through <= 2.9.10.

  • CVE-2024-10537Nov 23, 2024
    risk 0.00cvss epss 0.00

    The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the validate_user_meta_key() function in all versions up to, and including, 2.9.11. This makes it possible for…

  • CVE-2024-10216Nov 23, 2024
    risk 0.00cvss epss 0.00

    The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'add_sidebar' and 'remove_sidebar' functions in all versions up to, and including, 2.9.11. This makes it…