Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

140 matches found

OSV
OSVadded 2023/11/22 4:15 p.m.1 views

CVE-2023-6009

The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the 'userproupdateuserprofile' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify...

8.8CVSS7.3AI score
Exploits0References3
OSV
OSVadded 2023/11/22 4:15 p.m.2 views

CVE-2023-6008

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin...

4.3CVSS5.8AI score
Exploits0References2
NVD
NVDadded 2023/11/22 4:15 p.m.10 views

CVE-2023-6008

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin...

6.3CVSS0.00065EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2023/11/22 4:15 p.m.1 views

CVE-2023-2437

The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any...

9.8CVSS6.9AI score0.75489EPSS
Exploits4References5
NVD
NVDadded 2023/11/22 4:15 p.m.9 views

CVE-2023-2440

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing nonce validation in the 'adminpage', 'userproverifyuser' and 'verifyUnverifyAllUsers' functions. This makes it possible for unauthenticated attackers to...

8.8CVSS0.00114EPSS
Exploits0References2
OSV
OSVadded 2023/11/22 4:15 p.m.2 views

CVE-2023-2437

The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any...

8.1CVSS5.8AI score0.75489EPSS
Exploits4References3
OSV
OSVadded 2023/11/22 4:15 p.m.2 views

CVE-2023-2448

The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userproshortcodetemplate' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to arbitrary shortcode execution. An attacker ca...

5.3CVSS5.9AI score0.00308EPSS
Exploits2References3
NVD
NVDadded 2023/11/22 4:15 p.m.29 views

CVE-2023-2448

The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userproshortcodetemplate' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to arbitrary shortcode execution. An attacker ca...

6.5CVSS0.00308EPSS
Exploits2References3
ATTACKERKB
ATTACKERKBadded 2023/11/22 4:15 p.m.0 views

CVE-2023-2497

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'importsettings' function. This makes it possible for unauthenticated attackers to exploit PHP Object Injection due to...

8.8CVSS7.1AI score0.00177EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2023/11/22 4:15 p.m.4 views

CVE-2023-2440

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing nonce validation in the 'adminpage', 'userproverifyuser' and 'verifyUnverifyAllUsers' functions. This makes it possible for unauthenticated attackers to...

8.8CVSS7.1AI score0.00114EPSS
Exploits0References3
Prion
Prionadded 2023/11/22 4:15 p.m.21 views

Authorization

The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the 'userproupdateuserprofile' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify...

6.5CVSS6.9AI score0.00153EPSS
Exploits2References3Affected Software1
Prion
Prionadded 2023/11/22 4:15 p.m.28 views

Authentication flaw

The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any...

5.1CVSS6AI score0.75489EPSS
Exploits4References3Affected Software1
Prion
Prionadded 2023/11/22 4:15 p.m.12 views

Cross site request forgery (csrf)

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'userprosaveuserdata' function. This makes it possible for unauthenticated attackers to update the user meta and inject...

5.8CVSS6.6AI score0.00183EPSS
Exploits0References2Affected Software1
Prion
Prionadded 2023/11/22 4:15 p.m.16 views

Design/Logic Flaw

The UserPro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to add, modify, or delete use...

6.4CVSS7AI score0.00226EPSS
Exploits0References2Affected Software1
Prion
Prionadded 2023/11/22 4:15 p.m.25 views

Design/Logic Flaw

The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userproshortcodetemplate' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to arbitrary shortcode execution. An attacker ca...

5CVSS6.8AI score0.00308EPSS
Exploits2References3Affected Software1
Prion
Prionadded 2023/11/22 4:15 p.m.37 views

Sql injection

The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function userproprocessform. The function uses the plainte...

7.5CVSS6.5AI score0.00598EPSS
Exploits2References3Affected Software1
Cvelist
Cvelistadded 2023/11/22 3:33 p.m.17 views

CVE-2023-2497 UserPro <= 5.1.0 - Cross-Site Request Forgery to PHP Object Injection

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'importsettings' function. This makes it possible for unauthenticated attackers to exploit PHP Object Injection due to...

8.8CVSS8.8AI score0.00177EPSS
Exploits0References2
Cvelist
Cvelistadded 2023/11/22 3:33 p.m.21 views

CVE-2023-6008 UserPro <= 5.1.1 - Cross-Site Request Forgery via multiple functions

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin...

6.3CVSS6.4AI score0.00065EPSS
Exploits0References2
Cvelist
Cvelistadded 2023/11/22 3:33 p.m.31 views

CVE-2023-6009 UserPro <= 5.1.4 - Authenticated (Subscriber+) Privilege Escalation

The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the 'userproupdateuserprofile' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify...

8.8CVSS8.8AI score0.00153EPSS
Exploits2References2
Vulnrichment
Vulnrichmentadded 2023/11/22 3:33 p.m.11 views

CVE-2023-2440 UserPro <= 5.1.1 - Cross-Site Request Forgery to Privilege Escalation

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing nonce validation in the 'adminpage', 'userproverifyuser' and 'verifyUnverifyAllUsers' functions. This makes it possible for unauthenticated attackers to...

8.8CVSS7.1AI score0.00114EPSS
Exploits0References2
Rows per page
Query Builder