Vulnerabilities (CVE)

Filtered by vendor Wpusermanager Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-24655 1 Wpusermanager 1 Wp User Manager 2024-11-21 6.0 MEDIUM 7.5 HIGH
The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the password (to an arbitrary value) of any user knowing only their ID, and gain access to their account.
CVE-2024-43336 1 Wpusermanager 1 Wp User Manager 2024-08-27 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in WP User Manager.This issue affects WP User Manager: from n/a through 2.9.10.