UserPro <= 5.1.1 - Authentication Bypass

The UserPro plugin for WordPress through 5.1.1 allows authentication bypass via the userprofbconnect AJAX action. id: CVE-2023-2437 info: name: UserPro = 5.1.1 - Authentication Bypass author: intelligent-ears severity: critical description: | The UserPro plugin for WordPress through 5.1.1 allows...

WordPress UserPro 4.9.32 - Cross-Site Scripting

WordPress UserPro 4.9.32 is vulnerable to reflected cross-site scripting because the Instagram PHP API v2 it relies on allows it via the example/success.php errordescription parameter. id: CVE-2019-14470 info: name: WordPress UserPro 4.9.32 - Cross-Site Scripting author: daffainfo severity: mediu...

CVE-2025-53444

Cross-Site Request Forgery CSRF vulnerability in DeluxeThemes Userpro userpro allows Cross Site Request Forgery.This issue affects Userpro: from n/a through 5.1.11...

EUVD-2025-209483

Cross-Site Request Forgery CSRF vulnerability in DeluxeThemes Userpro allows Cross Site Request Forgery.This issue affects Userpro: from n/a before 5.1.11...

CVE-2025-53444

Cross-Site Request Forgery CSRF vulnerability in DeluxeThemes Userpro userpro allows Cross Site Request Forgery.This issue affects Userpro: from n/a through 5.1.11...

CVE-2025-53444

The CVE describes a Cross‑Site Request Forgery (CSRF) vulnerability in the DeluxeThemes WordPress Userpro plugin prior to version 5.1.11, allowing CSRF exploitation. Affected software: WordPress Userpro plugin (pre-5.1.11). Root cause details are not expanded in the provided documents beyond the ...

CVE-2025-53444 WordPress Userpro plugin < 5.1.11 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in DeluxeThemes Userpro allows Cross Site Request Forgery.This issue affects Userpro: from n/a before 5.1.11...

CVE-2025-53444 WordPress Userpro plugin < 5.1.11 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in DeluxeThemes Userpro userpro allows Cross Site Request Forgery.This issue affects Userpro: from n/a through 5.1.11...

CVE-2025-53444

Cross-Site Request Forgery CSRF vulnerability in DeluxeThemes Userpro userpro allows Cross Site Request Forgery.This issue affects Userpro: from n/a through 5.1.11...

WordPress Userpro plugin < 5.1.11 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Userpro versions 5.1.11...

WordPress plugin Userpro 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-33076

Name of the Vulnerable Software and Affected Versions Userpro versions prior to 5.1.11 Description A Cross-Site Request Forgery CSRF flaw in DeluxeThemes Userpro allows an attacker to induce a user to perform actions they did not intend to. CSRF is a technique where a malicious site tricks a user...

WordPress Userpro plugin <= 5.1.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Userpro versions = 5.1.9...

CVE-2025-68608

Missing Authorization vulnerability in DeluxeThemes Userpro userpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Userpro: from n/a through = 5.1.9...

EUVD-2025-205185

Missing Authorization vulnerability in DeluxeThemes Userpro userpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Userpro: from n/a through = 5.1.9...

CVE-2025-68608

Missing Authorization vulnerability in DeluxeThemes Userpro userpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Userpro: from n/a through = 5.1.9...

CVE-2025-68608

CVE-2025-68608 is a Missing Authorization vulnerability in the WordPress plugin UserPro (UserPro – Community and User Profile). The Wordfence entry identifies the affected line as “Userpro ≤ 5.1.9” and labels the issue as Missing Authorization, implying unauthorized actions may be possible due to...

CVE-2025-68608 WordPress Userpro plugin <= 5.1.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in DeluxeThemes Userpro userpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Userpro: from n/a through = 5.1.9...

CVE-2025-68608 WordPress Userpro plugin <= 5.1.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in DeluxeThemes Userpro userpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Userpro: from n/a through = 5.1.9...

WordPress plugin Userpro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...