Vulnerabilites related to wpusermanager - wp_user_manager
Vulnerability from fkie_nvd
Published
2022-07-17 11:15
Modified
2024-11-21 05:53
Severity ?
Summary
The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the password (to an arbitrary value) of any user knowing only their ID, and gain access to their account.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/cce03550-7f65-4172-819e-025755fb541f | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/cce03550-7f65-4172-819e-025755fb541f | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wpusermanager | wp_user_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wpusermanager:wp_user_manager:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "228BCB6C-F487-4754-978A-BBFCC50D112F",
"versionEndExcluding": "2.6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the password (to an arbitrary value) of any user knowing only their ID, and gain access to their account."
},
{
"lang": "es",
"value": "El plugin WP User Manager de WordPress versiones anteriores a 2.6.3, no asegura que el ID de usuario para restablecer la contrase\u00f1a est\u00e9 relacionado con la clave de restablecimiento dada. Como resultado, cualquier usuario autenticado puede restablecer la contrase\u00f1a (a un valor arbitrario) de cualquier usuario conociendo s\u00f3lo su ID, y conseguir acceso a su cuenta"
}
],
"id": "CVE-2021-24655",
"lastModified": "2024-11-21T05:53:30.103",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-17T11:15:08.367",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/cce03550-7f65-4172-819e-025755fb541f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/cce03550-7f65-4172-819e-025755fb541f"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "contact@wpscan.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-23 04:15
Modified
2025-02-07 17:17
Severity ?
Summary
The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the validate_user_meta_key() function in all versions up to, and including, 2.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enumerate user meta keys.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wpusermanager | wp_user_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wpusermanager:wp_user_manager:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "EAEBF1A7-AFE3-4A76-AE26-5D1728C6AA05",
"versionEndExcluding": "2.9.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WP User Manager \u2013 User Profile Builder \u0026 Membership plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the validate_user_meta_key() function in all versions up to, and including, 2.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enumerate user meta keys."
},
{
"lang": "es",
"value": "El complemento WP User Manager \u2013 User Profile Builder \u0026amp; Membership para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n validation_user_meta_key() en todas las versiones hasta la 2.9.11 incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, enumeren claves meta de usuario."
}
],
"id": "CVE-2024-10537",
"lastModified": "2025-02-07T17:17:18.617",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security@wordfence.com",
"type": "Primary"
}
]
},
"published": "2024-11-23T04:15:07.663",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/3194404/wp-user-manager/trunk/includes/actions.php"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9e9a5b7e-db74-4c66-a659-85b2509fded4?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "security@wordfence.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-23 04:15
Modified
2025-02-07 17:17
Severity ?
Summary
The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'add_sidebar' and 'remove_sidebar' functions in all versions up to, and including, 2.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to add or remove a Carbon Fields custom sidebar if the Carbon Fields (carbon-fields) plugin is installed.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wpusermanager | wp_user_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wpusermanager:wp_user_manager:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "EAEBF1A7-AFE3-4A76-AE26-5D1728C6AA05",
"versionEndExcluding": "2.9.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WP User Manager \u2013 User Profile Builder \u0026 Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the \u0027add_sidebar\u0027 and \u0027remove_sidebar\u0027 functions in all versions up to, and including, 2.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to add or remove a Carbon Fields custom sidebar if the Carbon Fields (carbon-fields) plugin is installed."
},
{
"lang": "es",
"value": "El complemento WP User Manager \u2013 User Profile Builder \u0026amp; Membership para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos debido a una verificaci\u00f3n de capacidad faltante en las funciones \u0027add_sidebar\u0027 y \u0027remove_sidebar\u0027 en todas las versiones hasta la 2.9.11 incluida. Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, agreguen o eliminen una barra lateral personalizada de Carbon Fields si el complemento Carbon Fields (carbon-fields) est\u00e1 instalado."
}
],
"id": "CVE-2024-10216",
"lastModified": "2025-02-07T17:17:00.953",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security@wordfence.com",
"type": "Primary"
}
]
},
"published": "2024-11-23T04:15:07.523",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/wp-user-manager/trunk/vendor-dist/htmlburger/carbon-fields/core/Libraries/Sidebar_Manager/Sidebar_Manager.php#L102"
},
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/wp-user-manager/trunk/vendor-dist/htmlburger/carbon-fields/core/Libraries/Sidebar_Manager/Sidebar_Manager.php#L79"
},
{
"source": "security@wordfence.com",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/3194404/wp-user-manager/trunk/includes/class-wp-user-manager.php"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3ab4e9c6-68b0-4113-bff0-c1d3c2d3dea4?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "security@wordfence.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-26 21:15
Modified
2024-08-27 16:00
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Summary
Cross-Site Request Forgery (CSRF) vulnerability in WP User Manager.This issue affects WP User Manager: from n/a through 2.9.10.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wpusermanager | wp_user_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wpusermanager:wp_user_manager:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "5EDEB6C0-7AB5-4754-95D7-83A29855AA7D",
"versionEndIncluding": "2.9.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in WP User Manager.This issue affects WP User Manager: from n/a through 2.9.10."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en WP User Manager. Este problema afecta a WP User Manager: desde n/a hasta 2.9.10."
}
],
"id": "CVE-2024-43336",
"lastModified": "2024-08-27T16:00:25.177",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "audit@patchstack.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-26T21:15:28.340",
"references": [
{
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/wp-user-manager/wordpress-wp-user-manager-user-profile-builder-membership-plugin-2-9-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"sourceIdentifier": "audit@patchstack.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "audit@patchstack.com",
"type": "Primary"
}
]
}
cve-2021-24655
Vulnerability from cvelistv5
Published
2022-07-17 10:35
Modified
2024-08-03 19:35
Severity ?
EPSS score ?
Summary
The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the password (to an arbitrary value) of any user knowing only their ID, and gain access to their account.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/cce03550-7f65-4172-819e-025755fb541f | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WP User Manager – User Profile Builder & Membership |
Version: 2.6.3 < 2.6.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:20.306Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/cce03550-7f65-4172-819e-025755fb541f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP User Manager \u2013 User Profile Builder \u0026 Membership",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.6.3",
"status": "affected",
"version": "2.6.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "AyeCode Ltd"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the password (to an arbitrary value) of any user knowing only their ID, and gain access to their account."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-17T10:35:28",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/cce03550-7f65-4172-819e-025755fb541f"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WP User Manager \u003c 2.6.3 - Arbitrary User Password Reset to Account Compromise",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24655",
"STATE": "PUBLIC",
"TITLE": "WP User Manager \u003c 2.6.3 - Arbitrary User Password Reset to Account Compromise"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP User Manager \u2013 User Profile Builder \u0026 Membership",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.6.3",
"version_value": "2.6.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "AyeCode Ltd"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the password (to an arbitrary value) of any user knowing only their ID, and gain access to their account."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639 Authorization Bypass Through User-Controlled Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/cce03550-7f65-4172-819e-025755fb541f",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/cce03550-7f65-4172-819e-025755fb541f"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24655",
"datePublished": "2022-07-17T10:35:28",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:35:20.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-10216
Vulnerability from cvelistv5
Published
2024-11-23 03:25
Modified
2024-11-23 13:28
Severity ?
EPSS score ?
Summary
The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'add_sidebar' and 'remove_sidebar' functions in all versions up to, and including, 2.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to add or remove a Carbon Fields custom sidebar if the Carbon Fields (carbon-fields) plugin is installed.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpusermanager | WP User Manager – User Profile Builder & Membership |
Version: * ≤ 2.9.11 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10216",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-23T13:20:49.152525Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-23T13:28:21.147Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP User Manager \u2013 User Profile Builder \u0026 Membership",
"vendor": "wpusermanager",
"versions": [
{
"lessThanOrEqual": "2.9.11",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "BrokenAC ignore"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP User Manager \u2013 User Profile Builder \u0026 Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the \u0027add_sidebar\u0027 and \u0027remove_sidebar\u0027 functions in all versions up to, and including, 2.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to add or remove a Carbon Fields custom sidebar if the Carbon Fields (carbon-fields) plugin is installed."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-23T03:25:47.933Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3ab4e9c6-68b0-4113-bff0-c1d3c2d3dea4?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-user-manager/trunk/vendor-dist/htmlburger/carbon-fields/core/Libraries/Sidebar_Manager/Sidebar_Manager.php#L79"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-user-manager/trunk/vendor-dist/htmlburger/carbon-fields/core/Libraries/Sidebar_Manager/Sidebar_Manager.php#L102"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3194404/wp-user-manager/trunk/includes/class-wp-user-manager.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-22T15:18:43.000+00:00",
"value": "Disclosed"
}
],
"title": "WP User Manager \u2013 User Profile Builder \u0026 Membership \u003c= 2.9.11 - Missing Authorization to Carbon Fields Custom Sidebar Addition/Removal"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-10216",
"datePublished": "2024-11-23T03:25:47.933Z",
"dateReserved": "2024-10-21T17:09:49.152Z",
"dateUpdated": "2024-11-23T13:28:21.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-43336
Vulnerability from cvelistv5
Published
2024-08-26 20:34
Modified
2024-08-27 13:50
Severity ?
EPSS score ?
Summary
Cross-Site Request Forgery (CSRF) vulnerability in WP User Manager.This issue affects WP User Manager: from n/a through 2.9.10.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| WP User Manager | WP User Manager |
Version: n/a < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43336",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-27T13:24:40.799310Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T13:50:44.614Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-user-manager",
"product": "WP User Manager",
"vendor": "WP User Manager",
"versions": [
{
"lessThanOrEqual": "2.9.10",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ananda Dhakal (Patchstack)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in WP User Manager.\u003cp\u003eThis issue affects WP User Manager: from n/a through 2.9.10.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in WP User Manager.This issue affects WP User Manager: from n/a through 2.9.10."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T20:34:59.127Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/wp-user-manager/wordpress-wp-user-manager-user-profile-builder-membership-plugin-2-9-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress WP User Manager \u2013 User Profile Builder \u0026 Membership plugin \u003c= 2.9.10 - Cross Site Request Forgery (CSRF) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-43336",
"datePublished": "2024-08-26T20:34:59.127Z",
"dateReserved": "2024-08-09T09:22:04.305Z",
"dateUpdated": "2024-08-27T13:50:44.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-10537
Vulnerability from cvelistv5
Published
2024-11-23 03:25
Modified
2024-11-23 13:28
Severity ?
EPSS score ?
Summary
The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the validate_user_meta_key() function in all versions up to, and including, 2.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enumerate user meta keys.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpusermanager | WP User Manager – User Profile Builder & Membership |
Version: * ≤ 2.9.11 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10537",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-23T13:20:36.637513Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-23T13:28:20.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP User Manager \u2013 User Profile Builder \u0026 Membership",
"vendor": "wpusermanager",
"versions": [
{
"lessThanOrEqual": "2.9.11",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tieu Pham Trong Nhan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP User Manager \u2013 User Profile Builder \u0026 Membership plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the validate_user_meta_key() function in all versions up to, and including, 2.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enumerate user meta keys."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-23T03:25:50.903Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9e9a5b7e-db74-4c66-a659-85b2509fded4?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3194404/wp-user-manager/trunk/includes/actions.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-22T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "WP User Manager \u2013 User Profile Builder \u0026 Membership \u003c= 2.9.11 - Missing Authorization to Authenticated (Subscriber+) User Meta Key Enumeration"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-10537",
"datePublished": "2024-11-23T03:25:50.903Z",
"dateReserved": "2024-10-30T11:47:10.139Z",
"dateUpdated": "2024-11-23T13:28:20.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}