CVE-2025-10003

Name of the Vulnerable Software and Affected Versions UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress versions through 1.2.44

Description The UsersWP plugin for WordPress is susceptible to a time-based SQL Injection issue due to insufficient escaping of user-supplied parameters and inadequate preparation of existing SQL queries. This allows unauthenticated attackers to append additional SQL queries, potentially extracting sensitive information from the database via the upload file remove function and the htmlvar parameter.

Recommendations Update to version 1.2.45.