VYPR

Wp User Manager

by WordPress

Source repositories

CVEs (8)

  • CVE-2026-49766CriJun 15, 2026
    risk 0.64cvss 9.9epss 0.01

    Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions.

  • CVE-2026-4003CriApr 8, 2026
    risk 0.64cvss 9.8epss 0.01

    The Users manager – PN plugin for WordPress is vulnerable to Privilege Escalation via Arbitrary User Meta Update in all versions up to and including 1.1.15. This is due to a flawed authorization logic check in the userspn_ajax_nopriv_server() function within the…

  • CVE-2025-60245CriNov 6, 2025
    risk 0.64cvss 9.8epss 0.00

    Deserialization of Untrusted Data vulnerability in WP User Manager WP User Manager wp-user-manager allows Object Injection.This issue affects WP User Manager: from n/a through <= 2.9.12.

  • CVE-2026-9290HigJun 6, 2026
    risk 0.42cvss 7.5epss 0.02

    The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via the (profile template scope) function. This makes it possible for unauthenticated attackers to include and…

  • CVE-2025-13320MedDec 12, 2025
    risk 0.37cvss 6.8epss 0.01

    The WP User Manager plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 2.9.12. This is due to insufficient validation of user-supplied file paths in the profile update functionality combined with improper handling of array inputs…

  • CVE-2024-10537Nov 23, 2024
    risk 0.00cvss epss 0.00

    The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the validate_user_meta_key() function in all versions up to, and including, 2.9.11. This makes it possible for…

  • CVE-2024-10216Nov 23, 2024
    risk 0.00cvss epss 0.00

    The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'add_sidebar' and 'remove_sidebar' functions in all versions up to, and including, 2.9.11. This makes it…

  • CVE-2021-24655Jul 17, 2022
    risk 0.00cvss epss 0.01

    The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the password (to an arbitrary value) of any user knowing only their ID, and gain access to…