WordPress plugin Userpro 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

WordPress plugin Userpro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress UserPro plugin <= 5.1.9 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Userpro versions = 5.1.9...

WordPress UserPro plugin <= 5.1.9 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Userpro versions = 5.1.9...

WordPress UserPro plugin <= 5.1.9 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Userpro versions = 5.1.9...

WordPress UserPro plugin <= 5.1.9 - Authenticated Arbitrary User Meta Update vulnerability

Authenticated Arbitrary User Meta Update vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Userpro versions = 5.1.9...

WordPress plugin UserPro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress UserPro plugin <= 5.1.8 - Unauthenticated Account Takeover vulnerability

Unauthenticated Account Takeover vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Userpro versions = 5.1.8...

WordPress Userpro Plugin <= 5.1.8 is vulnerable to Privilege Escalation

Software Userpro Type Plugin Vulnerable versions = 5.1.8 Fixed in 5.1.9 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-35700 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID fbe11c6e1e92 Credits Rafie Muhammad...

Exploit for Improper Authentication in Userproplugin Userpro

CVE-2023-2437 Hello, ALL , i m RxR I Coded Tool For Expl...

CVE-2024-0701

The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings. This makes it possible for...

CVE-2024-0701

The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings. This makes it possible for...

Security feature bypass

The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings. This makes it possible for...

WordPress Userpro Plugin <= 5.1.6 is vulnerable to Bypass Vulnerability

Software Userpro Type Plugin Vulnerable versions = 5.1.6 Fixed in 5.1.7 OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2024-0701 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 07d9348c166e Credits Rob Stevens Required privilege Unauthenticate...

WordPress Userpro Plugin 5.1.5 is vulnerable to Cross Site Scripting (XSS)

Software Userpro Type Plugin Vulnerable versions 5.1.5 Fixed in 5.1.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2439 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 45fa634a270a Credits István Márton Required privilege...

CVE-2023-2439

The UserPro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userpro' shortcode in versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVE-2023-2439

The UserPro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userpro' shortcode in versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

WordPress plugin UserPro security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

PT-2024-12033 · WordPress · Userpro

Name of the Vulnerable Software and Affected Versions: UserPro plugin for WordPress versions up to, and including, 5.1.5 Description: The issue is related to Stored Cross-Site Scripting via the 'userpro' shortcode due to insufficient input sanitization and output escaping on user-supplied...

UserPro < 5.1.5 - Authenticated (Subscriber+) Privilege Escalation

Description The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the 'userproupdateuserprofile' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber,...