17 matches found
EUVD-2023-33933
Malicious code in bioql PyPI...
EUVD-2023-33934
Malicious code in bioql PyPI...
CVE-2023-2446
creationtimestamp | type | source
---|---|---
2023-11-23 10:58:01+00:00 | seen | https://t.me/CyberSecurityTechnologies/9447
2024-08-16 08:51:05+00:00 | seen | https://t.me/Rootsec2/1998
2024-08-16 08:51:14+00:00 | seen | https://t.me/Rootsec2/2051
2026-04-09 21:02:36+00:00 | seen | ...
UserPro < 5.1.2 - Authentication Bypass to Administrator
Description: The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log ...
UserPro < 5.1.5 - Missing Authorization to Arbitrary Shortcode Execution via userpro_shortcode_template
Description: The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userpro_shortcode_template' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to perform arbitrary shortcode execution. An...
CVE-2023-2448
The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userpro_shortcode_template' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to perform arbitrary shortcode execution. An attacker ca...
Design/Logic Flaw
The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userpro_shortcode_template' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to perform arbitrary shortcode execution. An attacker ca...
SQL injection
The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function userproprocessform. The function uses the plainte...
Authentication flaw
The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any...
CVE-2023-2437 UserPro <= 5.1.1 - Authentication Bypass to Administrator
The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any...
CVE-2023-2448 UserPro <= 5.1.4 - Missing Authorization to Arbitrary Shortcode Execution via userpro_shortcode_template
The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userpro_shortcode_template' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to perform arbitrary shortcode execution. An attacker ca...
CVE-2023-2446
The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for...
CVE-2023-2446 UserPro <= 5.1.1 - Sensitive Information Disclosure via Shortcode
The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for...
CVE-2023-2446
CVE-2023-2446 (WordPress UserPro plugin) affects UserPro up to version 5.1.1. The vulnerability is a sensitive information disclosure via the userpro shortcode caused by insufficient restriction on sensitive user meta values, enabling authenticated attackers with subscriber-level permissions and ...
WordPress UserPro 5.1.x Password Reset / Authentication Bypass / Escalation
Vulnerability Details & Technical Analysis: Password Reset to Privilege Escalation using the Sensitive Information Disclosure via Shortcode. Description: UserPro <= 5.1.1 – Insecure Password Reset Mechanism; Affected Plugin: UserPro; Plugin Slug: userpro; Affected Versions: <= 5.1.1; CVE ID: CVE-2023-244...
Several Critical Vulnerabilities including Privilege Escalation, Authentication Bypass, and More Patched in UserPro WordPress Plugin
On May 1, 2023, the Wordfence Threat Intelligence team began the responsible disclosure process for multiple high and critical severity vulnerabilities we discovered in Kirotech’s UserPro plugin, which is actively installed on more than 20,000 WordPress websites. Wordfence Premium, Wordfence Care...
WordPress Userpro Plugin <= 5.1.1 is vulnerable to Sensitive Data Exposure
Software: Userpro; Type: Plugin; Vulnerable versions: <= 5.1.1; Fixed in: 5.1.2; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-2446; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 60ff01fd740b; Credits: István Márton; Required...