Vanquish User Extra Fields — known CVE vulnerabilities
Every CVE whose affected-product data names Vanquish User Extra Fields, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2024-11150 — CVSS 9.8 (critical): The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in…
CVE-2024-10800 — CVSS 8.8 (high): The WordPress User Extra Fields plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the…