Wp User Project Wp User — known CVE vulnerabilities
Every CVE whose affected-product data names Wp User Project Wp User, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2022-4049 — CVSS 9.8 (critical): The WP User WordPress plugin through 7.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a…
CVE-2021-25034 — CVSS 6.1 (medium): The WP User WordPress plugin before 7.0 does not sanitise and escape some parameters in pages where the [wp_user] shortcode is used…