Browse all 4 CVE security advisories affecting userplus. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Userplus is a user management platform designed for authentication and access control in web applications. Historically, it has been vulnerable to classes including remote code execution, cross-site scripting, and privilege escalation, with four CVEs documented. Security assessments reveal common flaws in input validation and session management, potentially allowing unauthorized access or system compromise. While no major public incidents have been widely reported, the consistent pattern of vulnerabilities suggests implementation risks. Organizations using Userplus should prioritize regular security updates and input sanitization to mitigate potential exploitation risks associated with its authentication and user management functions.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-52442 | WordPress UserPlus plugin <= 2.0 - Privilege Escalation vulnerability — UserPlusCWE-266 | 9.8 | Critical | 2024-11-20 |
| CVE-2024-9520 | UserPlus <= 2.0 - Missing Authorization via Multiple Functions — User registration & user profile – UserPlusCWE-862 | 6.3 | Medium | 2024-10-10 |
| CVE-2024-9518 | UserPlus <= 2.0 - Unauthenticated Privilege Escalation — User registration & user profile – UserPlusCWE-269 | 9.8 | Critical | 2024-10-10 |
| CVE-2024-9519 | UserPlus <= 2.0 - Authenticated (Editor+) Registration Form Update to Privilege Escalation — User registration & user profile – UserPlusCWE-266 | 7.2 | High | 2024-10-10 |
This page lists every published CVE security advisory associated with userplus. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.