Every CVE whose affected-product data names Ayecode Userswp, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2024-6265 — CVSS 9.8 (critical): The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is…
CVE-2024-6477 — CVSS 7.5 (high): The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated…
CVE-2024-2423 — CVSS 6.4 (medium): The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is…
CVE-2022-47442 — CVSS 5.8 (medium): Improper Neutralization of Formula Elements in a CSV File vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a through…
CVE-2022-0442 — CVSS 4.3 (medium): The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for…