CVE-2024-56214 WordPress UserPro plugin <= 5.1.9 - Local File Inclusion vulnerability
Path Traversal: '.../...//' vulnerability in DeluxeThemes Userpro userpro allows Path Traversal. This issue affects Userpro: from n/a through <= 5.1.9...
WordPress plugin Userpro cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
WordPress plugin Userpro SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
PT-2024-36748 · Deluxethemes · Deluxethemes Userpro
Name of the Vulnerable Software and Affected Versions: DeluxeThemes Userpro versions n/a through 5.1.9 Description: The issue is a Path Traversal vulnerability, identified by the '.../...//' pattern, which allows directory traversal in DeluxeThemes Userpro. This vulnerability enables access to...
WordPress plugin Userpro security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2024-36746 · Deluxethemes · Userpro
Name of the Vulnerable Software and Affected Versions: Userpro versions n/a through 5.1.9 Description: The issue is related to an improper neutralization of special elements used in an SQL command, also known as 'SQL Injection'. This problem affects DeluxeThemes Userpro. Recommendations: For...
PT-2024-36745 · Deluxethemes · Userpro
Name of the Vulnerable Software and Affected Versions: Userpro versions up to 5.1.9 Description: The issue is related to a missing authorization vulnerability in DeluxeThemes Userpro. This problem allows unauthorized access due to the lack of proper authorization checks. Recommendations: For...
WordPress plugin Userpro security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2024-36744 · Userpro · Userpro
Name of the Vulnerable Software and Affected Versions: Userpro versions prior to 5.1.9 Description: The issue involves improper neutralization of input during web page generation, leading to a Cross-site Scripting (XSS) vulnerability, specifically Reflected XSS. This allows attackers to inject...
WordPress UserPro plugin <= 5.1.9 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin Userpro (versions <= 5.1.9)...
WordPress UserPro plugin <= 5.1.9 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin Userpro (versions <= 5.1.9)...
WordPress UserPro plugin <= 5.1.9 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin Userpro (versions <= 5.1.9)...
WordPress UserPro plugin <= 5.1.9 - Authenticated Arbitrary User Meta Update vulnerability
Authenticated Arbitrary User Meta Update vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin Userpro (versions <= 5.1.9)...
CVE-2024-9863
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.6.0 due to the insecure 'administrator' default value for the 'defaultuserrole' option. This makes it possible for unauthenticated attackers to register an...
CVE-2024-9863 Miniorange OTP Verification with Firebase <= 3.6.0 - Privilege Escalation via Registration due to Administrator Default User Role Value
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.6.0 due to the insecure 'administrator' default value for the 'defaultuserrole' option. This makes it possible for unauthenticated attackers to register an...
CVE-2024-9863
CVE-2024-9863 affects the WordPress UserPro plugin (versions up to 3.6.0). Root cause: insecure default_user_role setting (administrator) enables unauthenticated users to register an administrator. Impact: privilege escalation; can occur even if registration is disabled. Public details confirm af...
WordPress plugin UserPro security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2024-39895 · WordPress · Userpro
Name of the Vulnerable Software and Affected Versions: UserPro plugin for WordPress versions up to, and including, 3.6.0 Description: The issue is related to privilege escalation due to the insecure 'administrator' default value for the default user role option. This allows unauthenticated...
CVE-2024-35700
Improper Privilege Management vulnerability in DeluxeThemes Userpro allows Privilege Escalation. This issue affects Userpro: from n/a through 5.1.8...