CVE-2024-35700

Incorrect Privilege Assignment vulnerability in DeluxeThemes Userpro userpro.This issue affects Userpro: from n/a through = 5.1.8...

CVE-2024-35700 WordPress UserPro plugin <= 5.1.8 - Unauthenticated Account Takeover vulnerability

Incorrect Privilege Assignment vulnerability in DeluxeThemes Userpro userpro.This issue affects Userpro: from n/a through = 5.1.8...

CVE-2024-35700 WordPress UserPro plugin <= 5.1.8 - Unauthenticated Account Takeover vulnerability

Improper Privilege Management vulnerability in DeluxeThemes Userpro allows Privilege Escalation.This issue affects Userpro: from n/a through 5.1.8...

UserPro < 5.1.9 - Unauthenticated Account Takeover to Privilege Escalation

Description The UserPro - Community and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthenticated account takeover in all versions up to, and including 5.1.8. This makes it possible for unauthenticated attackers to take over user accounts and gain highly privileged acces...

WordPress UserPro plugin <= 5.1.8 - Unauthenticated Account Takeover vulnerability

Unauthenticated Account Takeover vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Userpro versions = 5.1.8...

WordPress Userpro Plugin <= 5.1.8 is vulnerable to Privilege Escalation

Software Userpro Type Plugin Vulnerable versions = 5.1.8 Fixed in 5.1.9 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-35700 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID fbe11c6e1e92 Credits Rafie Muhammad...

VulnCheck KEV: CVE-2024-35700

Incorrect Privilege Assignment vulnerability in DeluxeThemes Userpro userpro.This issue affects Userpro: from n/a through = 5.1.8...

Exploit for Improper Authentication in Userproplugin Userpro

CVE-2023-2437 Hello, ALL , i m RxR I Coded Tool For Expl...

2023’s Critical WordPress Vulnerabilities and How They Work

Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! In 2023, the Wordfence Threat Intelligence teams primary focus...

CVE-2024-0701

The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings. This makes it possible for...

CVE-2024-0701

The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings. This makes it possible for...

Security feature bypass

The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings. This makes it possible for...

CVE-2024-0701

CVE-2024-0701 concerns the WordPress UserPro plugin. The vulnerability is described as a Security Feature Bypass caused by relying on client-side restrictions to enforce the Disable Registration setting, enabling unauthenticated attackers to create accounts even when registration is disabled. Dat...

CVE-2024-0701 UserPro <= 5.1.6 - Disabled Membership Registration Bypass

The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings. This makes it possible for...

CVE-2024-0701

The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings. This makes it possible for...

WordPress Plugin UserPro Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

WordPress Userpro Plugin <= 5.1.6 is vulnerable to Bypass Vulnerability

Software Userpro Type Plugin Vulnerable versions = 5.1.6 Fixed in 5.1.7 OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2024-0701 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 07d9348c166e Credits Rob Stevens Required privilege Unauthenticate...

UserPro < 5.1.7 - Disabled Membership Registration Bypass

Description The plugin is vulnerable to Security Feature Bypass, due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings, allowing unauthenticated attackers to register an account even when account registration has...

WordPress Userpro Plugin 5.1.5 is vulnerable to Cross Site Scripting (XSS)

Software Userpro Type Plugin Vulnerable versions 5.1.5 Fixed in 5.1.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2439 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 45fa634a270a Credits István Márton Required privilege...

CVE-2023-2439

The UserPro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userpro' shortcode in versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...