140 matches found
WordPress Userpro Plugin <= 5.1.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Userpro; Type: Plugin; Vulnerable versions: <= 5.1.1; Fixed in: 5.1.2; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-2447; Patch priority: Low; CVSS severity: Low (6.1); PSID: f82d076bd579; Credits: István Márton; Required...
WordPress Userpro Plugin <= 5.1.1 is vulnerable to Sensitive Data Exposure
Software: Userpro; Type: Plugin; Vulnerable versions: <= 5.1.1; Fixed in: 5.1.2; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-2446; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: 60ff01fd740b; Credits: István Márton; Required...
WordPress Userpro Plugin <= 5.1.4 is vulnerable to Broken Access Control
Software: Userpro; Type: Plugin; Vulnerable versions: <= 5.1.4; Fixed in: 5.1.5; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-2448; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: d9e8e6635e89; Credits: István Márton; Required privilege...
WordPress Userpro Plugin <= 5.1.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Userpro; Type: Plugin; Vulnerable versions: <= 5.1.1; Fixed in: 5.1.2; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-2440; Patch priority: Low; CVSS severity: Low (8.8); PSID: 1d6ddaf7ecad; Credits: István Márton; Required...
VulnCheck KEV: CVE-2017-16562
The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the up_auto_log parameter in the QUERY_STRING to the default URI...
GHSA-GCV6-2V9C-RJ48 Cosenary Instagram-PHP-API contains reflected XSS vulnerability
cosenary Instagram-PHP-API (aka Instagram PHP API V2), used in the UserPro plugin through 4.9.32 for WordPress, is vulnerable to cross-site scripting via the example/success.php error_description parameter. Vulnerable code (PHP): if (isset($_GET['error'])) { echo 'An error occurred: ' . $_GET['error_description'];...
Cosenary Instagram-PHP-API contains reflected XSS vulnerability
cosenary Instagram-PHP-API (aka Instagram PHP API V2), used in the UserPro plugin through 4.9.32 for WordPress, is vulnerable to cross-site scripting via the example/success.php error_description parameter. Vulnerable code (PHP): if (isset($_GET['error'])) { echo 'An error occurred: ' . $_GET['error_description'];...
CVE-2019-14470
cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter...
Design/Logic Flaw
cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter...
WordPress UserPro Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. UserPro is a user profile management plugin used in it. A cross-site scripting vulnerability exists in WordPress UserPro plugin version...
CVE-2018-16285
The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userpro_shortcode_template action to wp-admin/admin-ajax.php...
UserPro Plugin for WordPress up_auto_log Parameter Remote Authentication Bypass
The UserPro Plugin for WordPress running on the remote web server is prior to version 4.9.17.1. It is, therefore, affected by a remote authentication bypass vulnerability. A remote, unauthenticated attacker can exploit this vulnerability, via a specially crafted request, to login as an...
WordPress Userpro Plugin Authentication Bypass (CVE-2017-16562)
An authentication bypass vulnerability exists in WordPress Userpro Plugin. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...
Immunity Canvas: WPUSERPRO_RCE
Name| wpuserprorce
---|---
CVE| CVE-2017-16562
Exploit Pack| CANVAS
Description| Wordpress Remote Command Execution Through UserPro Plugin login bypass
Notes| References: https://www.exploit-db.com/exploits/43117/ Repeatability: Infinite VENDOR: UserPro Plugin CVE Url:...
Authentication flaw
The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the up_auto_log parameter in the QUERY_STRING to the default URI...
CVE-2017-16562
The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the up_auto_log parameter in the QUERY_STRING to the default URI...
WordPress UserPro Plugin Authentication Bypass Vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. UserPro plugin for WordPress is a plugin for creating social platform sites using WordPress. The plugin has...
UserPro <= 4.9.17 - Authentication Bypass
The userpro plugin has the ability to bypass login authentication for the user 'admin'. If the site does not use the standard username 'admin' it is not affected.
1 - Google Dork inurl:/plugins/userpro
2 - Browse to a site that has the userpro plugin installed.
3 - Append ?up_auto_log=true to the...
WordPress Plugin Userpro 4.9.17.1 - Authentication Bypass
Exploit Title: Userpro – WordPress Plugin – Authentication Bypass
Google Dork: inurl:/plugins/userpro
Date: 11.04.2017
Exploit Author: Colette Chamberland (Wordfence), Iain Hadgraft (Duke University)
Vendor Homepage:...
WordPress Plugin Userpro < 4.9.17.1 - Authentication Bypass
Exploit Title: Userpro – WordPress Plugin – Authentication Bypass
Google Dork: inurl:/plugins/userpro
Date: 11.04.2017
Exploit Author: Colette Chamberland (Wordfence), Iain Hadgraft (Duke University)
Vendor Homepage: https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681?srank=9...