Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4049 | 1 Wp User Project | 1 Wp User | 2024-11-21 | N/A | 9.8 CRITICAL |
| The WP User WordPress plugin through 7.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. | |||||
| CVE-2021-25034 | 1 Wp User Project | 1 Wp User | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WP User WordPress plugin before 7.0 does not sanitise and escape some parameters in pages where the [wp_user] shortcode is used, leading to Reflected Cross-Site Scripting issues | |||||