Filtered by vendor Saadiqbal
Subscriptions
Filtered by product User Management
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-12097 | 2 Saadiqbal, Wordpress | 2 User Management, Wordpress | 2026-07-10 | 5.3 Medium |
| The User Management plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to modify the plugin's export field configuration stored in the uiewp_export_field option, controlling which user fields such as password hashes are included in CSV exports and how columns are mapped during imports. | ||||
Page 1 of 1.