Every CVE whose affected-product data names Wpuserplus Userplus, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2024-9518 — CVSS 9.8 (critical): The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient…
CVE-2024-9519 — CVSS 7.2 (high): The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the…
CVE-2023-0824 — CVSS 6.5 (medium): The User registration & user profile WordPress plugin through 2.0 does not have CSRF check in some places, and is missing sanitisation as…
CVE-2024-9520 — CVSS 6.3 (medium): The UserPlus plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on…