UsersWP

Stiofan

Developer

1.2.65

Latest version

20,000

Installations

No date

Last updated

WordPress Plugin

No VDP

Claim ownership

Report vulnerability

Vulnerabilities

Security Contributors

Vulnerability history

0 present

16 patched

3 Mitigation rules

Insecure Direct Object Reference to Authenticated (Editor+) Arbitrary User Avatar/Banner Reset vulnerability
<= 1.2.63
17/06/2026
Authenticated (Subscriber+) Stored Cross-Site Scripting via User Badge Link Substitution vulnerability
<= 1.2.60
13/04/2026
Authenticated (Subscriber+) Server-Side Request Forgery via 'uwp_crop' Parameter vulnerability
<= 1.2.58
12/04/2026
Authenticated (Subscriber+) Restricted Usermeta Modification via 'htmlvar' Parameter vulnerability
<= 1.2.58
10/04/2026
Cross Site Request Forgery (CSRF) vulnerability
<= 1.2.53
28/01/2026
Cross Site Request Forgery (CSRF) vulnerability
<= 1.2.48
15/12/2025
Broken Access Control vulnerability
<= 1.2.47
25/11/2025
Authenticated (Subscriber+) SQL Injection vulnerability
<= 1.2.44
06/09/2025
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
<= 1.2.42
27/08/2025
Broken Access Control vulnerability
<= 1.2.15
16/08/2024
Users Information Disclosure vulnerability
< 1.2.12
05/08/2024
Unauthenticated SQL Injection via 'uwp_sort_by' vulnerability
<= 1.2.10
01/07/2024
Cross Site Request Forgery (CSRF) vulnerability
< 1.2.6
10/04/2024
Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
<= 1.2.6
14/03/2024
CSV Injection
<= 1.2.3.9
20/02/2023
Authenticated (Administrator+) CSV Injection vulnerability
<= 1.2.3.9
23/12/2022