UserPro <= 5.1.1 - Authentication Bypass

The UserPro plugin for WordPress through 5.1.1 allows authentication bypass via the userprofbconnect AJAX action. id: CVE-2023-2437 info: name: UserPro = 5.1.1 - Authentication Bypass author: intelligent-ears severity: critical description: | The UserPro plugin for WordPress through 5.1.1 allows...

WordPress UserPro 4.9.32 - Cross-Site Scripting

WordPress UserPro 4.9.32 is vulnerable to reflected cross-site scripting because the Instagram PHP API v2 it relies on allows it via the example/success.php errordescription parameter. id: CVE-2019-14470 info: name: WordPress UserPro 4.9.32 - Cross-Site Scripting author: daffainfo severity: mediu...

CVE-2025-53444

Cross-Site Request Forgery CSRF vulnerability in DeluxeThemes Userpro userpro allows Cross Site Request Forgery.This issue affects Userpro: from n/a through 5.1.11...

EUVD-2025-209483

Cross-Site Request Forgery CSRF vulnerability in DeluxeThemes Userpro allows Cross Site Request Forgery.This issue affects Userpro: from n/a before 5.1.11...

CVE-2025-53444

Cross-Site Request Forgery CSRF vulnerability in DeluxeThemes Userpro userpro allows Cross Site Request Forgery.This issue affects Userpro: from n/a through 5.1.11...

CVE-2025-53444 WordPress Userpro plugin < 5.1.11 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in DeluxeThemes Userpro allows Cross Site Request Forgery.This issue affects Userpro: from n/a before 5.1.11...

CVE-2025-53444 WordPress Userpro plugin < 5.1.11 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in DeluxeThemes Userpro userpro allows Cross Site Request Forgery.This issue affects Userpro: from n/a through 5.1.11...

CVE-2025-53444

Cross-Site Request Forgery CSRF vulnerability in DeluxeThemes Userpro userpro allows Cross Site Request Forgery.This issue affects Userpro: from n/a through 5.1.11...

CVE-2025-53444

The CVE describes a Cross‑Site Request Forgery (CSRF) vulnerability in the DeluxeThemes WordPress Userpro plugin prior to version 5.1.11, allowing CSRF exploitation. Affected software: WordPress Userpro plugin (pre-5.1.11). Root cause details are not expanded in the provided documents beyond the ...

WordPress Userpro plugin < 5.1.11 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Userpro versions 5.1.11...

PT-2026-33076

Name of the Vulnerable Software and Affected Versions Userpro versions prior to 5.1.11 Description A Cross-Site Request Forgery CSRF flaw in DeluxeThemes Userpro allows an attacker to induce a user to perform actions they did not intend to. CSRF is a technique where a malicious site tricks a user...

WordPress plugin Userpro 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress Userpro plugin <= 5.1.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Userpro versions = 5.1.9...

CVE-2025-68608

Missing Authorization vulnerability in DeluxeThemes Userpro userpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Userpro: from n/a through = 5.1.9...

EUVD-2025-205185

Missing Authorization vulnerability in DeluxeThemes Userpro userpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Userpro: from n/a through = 5.1.9...

CVE-2025-68608

Missing Authorization vulnerability in DeluxeThemes Userpro userpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Userpro: from n/a through = 5.1.9...

CVE-2025-68608

CVE-2025-68608 is a Missing Authorization vulnerability in the WordPress plugin UserPro (UserPro – Community and User Profile). The Wordfence entry identifies the affected line as “Userpro ≤ 5.1.9” and labels the issue as Missing Authorization, implying unauthorized actions may be possible due to...

CVE-2025-68608 WordPress Userpro plugin <= 5.1.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in DeluxeThemes Userpro userpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Userpro: from n/a through = 5.1.9...

CVE-2025-68608 WordPress Userpro plugin <= 5.1.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in DeluxeThemes Userpro userpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Userpro: from n/a through = 5.1.9...

WordPress plugin Userpro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...