Vulnerability Overview

Vulnerability name: UsersWP <= 1.2.58 - Authenticated (Subscriber+) Server-Side Request Forgery via 'uwp_crop' Parameter

Description: The UsersWP plugin for WordPress provides front-end login, user registration, user profile and member directory functionality. The plugin is vulnerable to blind Server-Side Request Forgery in all versions up to and including 1.2.58. The cause is insufficient validation of the source URL in the method that processes avatar/banner images, which makes it possible to issue arbitrary HTTP requests to attacker-controlled or internal-network destinations, enabling internal network scanning and potentially access to sensitive services.

Affected Scope

Affected versions: UsersWP <= 1.2.58
CVSS score: 5.0
Software type: plugin
Software slug: userswp
Patched: yes
Fixed version: 1.2.59 or later

Remediation

Fix: update to version 1.2.59 or later.

Other Information

Last updated: April 11, 2026
Researcher: a0me0ne
References:
- plugins.trac.wordpress.org
- github.com

Recent Vulnerabilities

UsersWP - Front-end login form, User Registration, User Profile & Members Directory plugin for WP
- CVE-2026-4977: UsersWP <= 1.2.58 - Authenticated (Subscriber+) Restricted Username Modification via 'uwp_crop' Parameter
- CVE-2026-5742: UsersWP <= 1.2.60 - Authenticated (Subscriber+) Stored Cross-Site Scripting via User Badge Link Substitution
- CVE-2026-25015: UsersWP <= 1.2.53 - Cross-Site Request Forgery
- CVE-2025-47593: UsersWP <= 1.2.48 - Cross-Site Request Forgery
- CVE-2025-66072: UsersWP <= 1.2.47 - Missing Authorization
- CVE-2025-10003: UsersWP - Front-end login form, User Registration, User Profile & Members Directory plugin for WP <= 1.2.44 - Authenticated (Contributor+) SQL Injection
- CVE-2025-9344: UsersWP <= 1.2.42 - Authenticated (Contributor+) Stored Cross-Site Scripting
- CVE-2024-43277: UsersWP <= 1.2.15 - Missing Authorization
- CVE-2024-6477: UsersWP - Front-end login form, User Registration, User Profile & Members Directory plugin for WP <= 1.2.11 - Unauthenticated Information Disclosure via Unprotected Directories
- CVE-2024-6265: UsersWP - Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress <= 1.2.10 - Unauthenticated SQL Injection via 'uwp_sort_by'

Summary

The UsersWP plugin has had multiple security vulnerabilities; the most recent is a Server-Side Request Forgery (SSRF) affecting versions <= 1.2.58. Updating to version 1.2.59 or later as soon as possible is recommended to remediate it.
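The description above attributes the SSRF to insufficient validation of the source URL when an avatar/banner image is fetched server-side. The following is an added example, not code from UsersWP or from the advisory, showing the weak fetch pattern that produces this class of bug beside a hardened version built on the WordPress HTTP API. The WordPress functions used (wp_http_validate_url, wp_safe_remote_get, wp_remote_retrieve_* and the AJAX helpers) are real; the function names prefixed uwp_example_, the nonce action and the request field name are hypothetical placeholders, and the plugin's actual method and request structure are not known from the page.

```php
<?php
/**
 * Added example (not UsersWP code): the weak server-side image fetch that
 * gives an authenticated user a blind SSRF primitive, and a hardened version.
 * Helper names prefixed uwp_example_ are hypothetical.
 */

// Weak pattern: the remote source URL comes straight from the request and is
// fetched with wp_remote_get(), which performs no scheme, host or address
// checks. The server will happily contact loopback, link-local or RFC 1918
// destinations on behalf of any logged-in user.
function uwp_example_fetch_image_unsafe( $url ) {
    $response = wp_remote_get( $url );
    return is_wp_error( $response ) ? false : wp_remote_retrieve_body( $response );
}

// Hardened version.
function uwp_example_fetch_image_safe( $url ) {
    // 1. wp_http_validate_url() allows only http(s), rejects URLs carrying
    //    credentials, and rejects hosts that resolve to loopback, private or
    //    link-local ranges (unless a site explicitly allow-lists them).
    $url = wp_http_validate_url( $url );
    if ( false === $url ) {
        return new WP_Error( 'uwp_example_bad_source', 'Image source rejected.' );
    }

    // 2. wp_safe_remote_get() sets reject_unsafe_urls, so WordPress re-runs the
    //    same validation on the request and on any redirect target. Redirects
    //    are disabled here anyway, and the response size is capped.
    $response = wp_safe_remote_get(
        $url,
        array(
            'timeout'             => 5,
            'redirection'         => 0,
            'limit_response_size' => 5 * MB_IN_BYTES,
        )
    );
    if ( is_wp_error( $response ) ) {
        return $response;
    }
    if ( 200 !== (int) wp_remote_retrieve_response_code( $response ) ) {
        return new WP_Error( 'uwp_example_bad_status', 'Unexpected response status.' );
    }

    // 3. Accept only an image content type, so the body of a non-image
    //    response (for example from an internal service) is never returned.
    $type = wp_remote_retrieve_header( $response, 'content-type' );
    if ( ! is_string( $type ) || 0 !== strpos( $type, 'image/' ) ) {
        return new WP_Error( 'uwp_example_not_image', 'Source is not an image.' );
    }
    return wp_remote_retrieve_body( $response );
}

// Hypothetical AJAX handler showing where the check sits: nonce and login
// state first, then the validated fetch. 'image_source' is a constructed
// placeholder field name, not the plugin's real parameter layout.
function uwp_example_handle_crop() {
    check_ajax_referer( 'uwp_example_crop' );
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'Not allowed.', 403 );
    }
    $source = isset( $_POST['image_source'] )
        ? sanitize_text_field( wp_unslash( $_POST['image_source'] ) )
        : '';
    $body = uwp_example_fetch_image_safe( $source );
    if ( is_wp_error( $body ) ) {
        wp_send_json_error( $body->get_error_message(), 400 );
    }
    wp_send_json_success( array( 'bytes' => strlen( $body ) ) );
}
add_action( 'wp_ajax_uwp_example_crop', 'uwp_example_handle_crop' );
```

Two caveats a reviewer would raise: wp_http_validate_url() resolves the hostname at validation time, so a name whose DNS answer changes between validation and the actual connection can still reach an internal address; where that matters, resolve once and connect to the validated address, or route outbound fetches through an egress proxy that enforces the destination policy. Second, the check is only as good as the allow-list: the http_request_host_is_external filter can re-admit internal hosts, so audit any code that hooks it. On the detection side, web-server egress to RFC 1918, loopback or cloud metadata addresses originating from PHP worker processes is the signal to alert on for this bug class.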