
17 matches found

EUVD
added 2025/10/03 8:7 p.m., 10 views

EUVD-2023-33933

Malicious code in bioql PyPI...

6.5 CVSS | 7.3 AI score | 0.00903 EPSS
Exploits: 2 | References: 3

EUVD
added 2025/10/03 8:7 p.m., 12 views

EUVD-2023-33934

Malicious code in bioql PyPI...

9.8 CVSS | 7.3 AI score | 0.00902 EPSS
Exploits: 2 | References: 3

Circl
added 2023/11/23 10:58 a.m., 3 views

CVE-2023-2446

| creationtimestamp | type | source |
|---|---|---|
| 2023-11-23 10:58:01+00:00 | seen | https://t.me/CyberSecurityTechnologies/9447 |
| 2024-08-16 08:51:05+00:00 | seen | https://t.me/Rootsec2/1998 |
| 2024-08-16 08:51:14+00:00 | seen | https://t.me/Rootsec2/2051 |
| 2026-04-09 21:02:36+00:00 | seen | ... |

6.5 CVSS | 7.2 AI score | 0.00849 EPSS
Exploits: 2 | References: 4

WPVulnDB
added 2023/11/23 12:0 a.m., 32 views

UserPro < 5.1.2 - Authentication Bypass to Administrator

Description The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log ...

9.8 CVSS | 7.2 AI score | 0.06801 EPSS
Exploits: 4 | References: 1 | Affected Software: 1

WPVulnDB
added 2023/11/23 12:0 a.m., 30 views

UserPro < 5.1.5 - Missing Authorization to Arbitrary Shortcode Execution via userpro_shortcode_template

Description: The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userpro_shortcode_template' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to arbitrary shortcode execution. An...

6.5 CVSS | 6.8 AI score | 0.00903 EPSS
Exploits: 2 | References: 1 | Affected Software: 1

NVD
added 2023/11/22 4:15 p.m., 40 views

CVE-2023-2448

The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userpro_shortcode_template' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to arbitrary shortcode execution. An attacker ca...

6.5 CVSS | 0.00903 EPSS
Exploits: 2 | References: 3

Prion
added 2023/11/22 4:15 p.m., 28 views

Design/Logic Flaw

The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userpro_shortcode_template' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to arbitrary shortcode execution. An attacker ca...

5 CVSS | 6.8 AI score | 0.00903 EPSS
Exploits: 2 | References: 3 | Affected Software: 1

Prion
added 2023/11/22 4:15 p.m., 39 views

Sql injection

The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function userproprocessform. The function uses the plainte...

7.5 CVSS | 6.5 AI score | 0.00903 EPSS
Exploits: 2 | References: 3 | Affected Software: 1

Prion
added 2023/11/22 4:15 p.m., 32 views

Authentication flaw

The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any...

5.1 CVSS | 6 AI score | 0.06801 EPSS
Exploits: 4 | References: 3 | Affected Software: 1

Cvelist
added 2023/11/22 3:33 p.m., 48 views

CVE-2023-2437 UserPro <= 5.1.1 - Authentication Bypass to Administrator

The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any...

9.8 CVSS | 8.3 AI score | 0.06801 EPSS
Exploits: 4 | References: 2

Cvelist
added 2023/11/22 3:33 p.m., 51 views

CVE-2023-2448 UserPro <= 5.1.4 - Missing Authorization to Arbitrary Shortcode Execution via userpro_shortcode_template

The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userpro_shortcode_template' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to arbitrary shortcode execution. An attacker ca...

6.5 CVSS | 7.2 AI score | 0.00903 EPSS
Exploits: 2 | References: 2

ATTACKERKB
added 2023/11/22 8:15 a.m., 3 views

CVE-2023-2446

The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for...

6.5 CVSS | 6.8 AI score | 0.00849 EPSS
Exploits: 2 | References: 4

Cvelist
added 2023/11/22 7:32 a.m., 42 views

CVE-2023-2446 UserPro <= 5.1.1 - Sensitive Information Disclosure via Shortcode

The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for...

6.5 CVSS | 6.9 AI score | 0.00849 EPSS
Exploits: 2 | References: 2

CVE
added 2023/11/22 7:32 a.m., 110 views

CVE-2023-2446

CVE-2023-2446 (WordPress UserPro plugin) affects UserPro up to version 5.1.1. The vulnerability is a sensitive information disclosure via the userpro shortcode caused by insufficient restriction on sensitive user meta values, enabling authenticated attackers with subscriber-level permissions and ...

6.5 CVSS | 5.8 AI score | 0.00849 EPSS
Exploits: 2 | References: 3 | Affected Software: 1

Packet Storm
added 2023/11/22 12:0 a.m., 690 views

WordPress UserPro 5.1.x Password Reset / Authentication Bypass / Escalation

Vulnerability Details & Technical Analysis
Password Reset to Privilege Escalation using the Sensitive Information Disclosure via Shortcode
Description: UserPro <= 5.1.1 – Insecure Password Reset Mechanism
Affected Plugin: UserPro
Plugin Slug: userpro
Affected Versions: <= 5.1.1
CVE ID: CVE-2023-244...

9.8 CVSS | 8.1 AI score | 0.06801 EPSS
Exploits: 4

Wordfence Blog
added 2023/11/21 7:26 p.m., 43 views

Several Critical Vulnerabilities including Privilege Escalation, Authentication Bypass, and More Patched in UserPro WordPress Plugin

On May 1, 2023, the Wordfence Threat Intelligence team began the responsible disclosure process for multiple high and critical severity vulnerabilities we discovered in Kirotech’s UserPro plugin, which is actively installed on more than 20,000 WordPress websites. Wordfence Premium, Wordfence Care...

7.5 CVSS | 9.3 AI score | 0.06801 EPSS
Exploits: 4

Patchstack
added 2023/11/21 12:0 a.m., 15 views

WordPress Userpro Plugin <= 5.1.1 is vulnerable to Sensitive Data Exposure

Software: Userpro
Type: Plugin
Vulnerable versions: <= 5.1.1
Fixed in: 5.1.2
OWASP Top 10: A3: Sensitive Data Exposure
Classification: Sensitive Data Exposure
CVE: CVE-2023-2446
Patch priority: Medium
CVSS severity: Medium 6.5
Developer: Claim ownership
PSID: 60ff01fd740b
Credits: István Márton
Required...

6.5 CVSS | 6.8 AI score | 0.00849 EPSS
Exploits: 2 | References: 2 | Affected Software: 1