WP User Manager

WP User Manager

Developer

2.9.13

Latest version

10,000

Installations

No date

Last updated

WordPress Plugin

Active VDP

Report vulnerability

Vulnerabilities

Security Policy

Security Contributors

Vulnerability history

1 present

4 fixed

2 Mitigation rules

Authenticated (Subscriber+) Arbitrary File Deletion via 'current_user_avatar' Parameter vulnerability
<= 2.9.12
Dec 12, 2025
PHP Object Injection vulnerability
<= 2.9.12
May 19, 2025
Missing Authorization to Authenticated (Subscriber+) User Meta Key Enumeration vulnerability
<= 2.9.11
Nov 22, 2024
Missing Authorization to Carbon Fields Custom Sidebar Addition/Removal vulnerability
<= 2.9.11
Nov 22, 2024
Cross Site Request Forgery (CSRF) vulnerability
<= 2.9.10
Aug 16, 2024