WP User Manager Vulnerability Disclosure Program
Vulnerability history
1 present
4 fixed
2 Mitigation rules
- Authenticated (Subscriber+) Arbitrary File Deletion via 'current_user_avatar' Parameter vulnerability | <= 2.9.12 | Dec 12, 2025
- PHP Object Injection vulnerability | <= 2.9.12 | May 19, 2025
- Missing Authorization to Authenticated (Subscriber+) User Meta Key Enumeration vulnerability | <= 2.9.11 | Nov 22, 2024
- Missing Authorization to Carbon Fields Custom Sidebar Addition/Removal vulnerability | <= 2.9.11 | Nov 22, 2024
- Cross Site Request Forgery (CSRF) vulnerability | <= 2.9.10 | Aug 16, 2024