Lucene search
PRIOn knowledge basePRION:CVE-2023-2446HistoryNov 22, 2023 - 8:15 a.m.
Information disclosure
2023-11-2208:15:00
PRIOn knowledge base
www.prio-n.com
4
wordpress
userpro plugin
version 5.1.1
sensitive information disclosure
meta values
unauthorized access
The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the ‘userpro’ shortcode in versions up to, and including 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for authenticated attackers, with subscriber-level permissions, and above to retrieve sensitive user meta that can be used to gain access to a high privileged user account.
Related
wpvulndb
wpvulndb
UserPro < 5.1.2 - Sensitive Information Disclosure via Shortcode
2023-11-23 00:00:00
UserPro < 5.1.5 - Missing Authorization to Arbitrary Shortcode Execution via userpro_shortcode_template
2023-11-23 00:00:00
UserPro < 5.1.2 - Insecure Password Reset Mechanism
2023-11-23 00:00:00
cvelist
cvelist
nvd
nvd
cve
cve
prion
prion
Design/Logic Flaw
2023-11-22 16:15:00
Authentication flaw
2023-11-22 16:15:00
Sql injection
2023-11-22 16:15:00
wordfence
wordfence
packetstorm
packetstorm
WordPress UserPro 5.1.x Password Reset / Authentication Bypass / Escalation
2023-11-22 00:00:00
zdt
zdt