331 matches found

CVE
added 2023/11/22 3:33 p.m. | 84 views

CVE-2023-2438

CVE-2023-2438: A CSRF flaw in the WordPress plugin UserPro (WordPress,

6.1 CVSS | 6.1 AI score | 0.00183 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2023/11/22 3:33 p.m. | 17 views

CVE-2023-2438 UserPro <= 5.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via userpro_save_userdata

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'userpro_save_userdata' function. This makes it possible for unauthenticated attackers to update the user meta and inject...

6.1 CVSS | 6.1 AI score | 0.00183 EPSS
Exploits 0 | References 2

CVE
added 2023/11/22 3:33 p.m. | 99 views

CVE-2023-2448

CVE-2023-2448 concerns the WordPress UserPro plugin. Affected versions are up to and including 5.1.4, where a missing capability check in the function userpro_shortcode_template allows unauthenticated attackers to perform arbitrary shortcode execution and unauthorized data access. The incident is...

6.5 CVSS | 6.1 AI score | 0.00308 EPSS
Exploits 2 | References 3 | Affected Software 1

Cvelist
added 2023/11/22 3:33 p.m. | 40 views

CVE-2023-2448 UserPro <= 5.1.4 - Missing Authorization to Arbitrary Shortcode Execution via userpro_shortcode_template

The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userpro_shortcode_template' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to perform arbitrary shortcode execution. An attacker ca...

6.5 CVSS | 7.2 AI score | 0.00308 EPSS
Exploits 2 | References 2

Vulnrichment
added 2023/11/22 3:33 p.m. | 11 views

CVE-2023-2440 UserPro <= 5.1.1 - Cross-Site Request Forgery to Privilege Escalation

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing nonce validation in the 'admin_page', 'userpro_verify_user' and 'verifyUnverifyAllUsers' functions. This makes it possible for unauthenticated attackers to...

8.8 CVSS | 7.1 AI score | 0.00114 EPSS
Exploits 0 | References 2

Cvelist
added 2023/11/22 3:33 p.m. | 15 views

CVE-2023-2440 UserPro <= 5.1.1 - Cross-Site Request Forgery to Privilege Escalation

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing nonce validation in the 'admin_page', 'userpro_verify_user' and 'verifyUnverifyAllUsers' functions. This makes it possible for unauthenticated attackers to...

8.8 CVSS | 8.5 AI score | 0.00114 EPSS
Exploits 0 | References 2

CVE
added 2023/11/22 3:33 p.m. | 95 views

CVE-2023-2440

CVE-2023-2440 (UserPro WordPress Plugin) affects versions up to 5.1.1 and is a CSRF vulnerability due to missing nonce validation in admin_page, userpro_verify_user, and verifyUnverifyAllUsers. This allows unauthenticated attackers to modify verified users’ roles, potentially elevating privileges ...

8.8 CVSS | 8.3 AI score | 0.00114 EPSS
Exploits 0 | References 2 | Affected Software 1

CVE
added 2023/11/22 3:33 p.m. | 82 views

CVE-2023-6007

CVE-2023-6007 affects the WordPress plugin UserPro – Community and User Profile WordPress Plugin. Root cause: a missing capability check on multiple functions in all versions up to 5.1.1, allowing unauthenticated attackers to perform data access and manipulation. Impact (as stated): attackers ca...

7.3 CVSS | 6.5 AI score | 0.00226 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2023/11/22 3:33 p.m. | 14 views

CVE-2023-6007 UserPro <= 5.1.1 - Missing Authorization via multiple functions

The UserPro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to add, modify, or delete use...

7.3 CVSS | 7.2 AI score | 0.00226 EPSS
Exploits 0 | References 2

OSV
added 2023/11/22 8:15 a.m. | 1 views

CVE-2023-2447

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on the 'exportusers' function. This makes it possible for unauthenticated attackers to export the users to a csv file, granted...

6.1 CVSS | 7.2 AI score | 0.00284 EPSS
Exploits 0 | References 2

ATTACKERKB
added 2023/11/22 8:15 a.m. | 1 views

CVE-2023-2446

The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for...

6.5 CVSS | 6.8 AI score | 0.00294 EPSS
Exploits 2 | References 4

OSV
added 2023/11/22 8:15 a.m. | 1 views

CVE-2023-2446

The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for...

6.5 CVSS | 5.8 AI score
Exploits 0 | References 3

NVD
added 2023/11/22 8:15 a.m. | 26 views

CVE-2023-2446

The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for...

6.5 CVSS | 0.00294 EPSS
Exploits 2 | References 3

ATTACKERKB
added 2023/11/22 8:15 a.m. | 0 views

CVE-2023-2447

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on the 'exportusers' function. This makes it possible for unauthenticated attackers to export the users to a csv file, granted...

6.1 CVSS | 6.8 AI score | 0.00284 EPSS
Exploits 0 | References 3

NVD
added 2023/11/22 8:15 a.m. | 19 views

CVE-2023-2447

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on the 'exportusers' function. This makes it possible for unauthenticated attackers to export the users to a csv file, granted...

6.1 CVSS | 0.00284 EPSS
Exploits 0 | References 2

Prion
added 2023/11/22 8:15 a.m. | 29 views

Information disclosure

The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for...

4 CVSS | 5.8 AI score | 0.00294 EPSS
Exploits 2 | References 3 | Affected Software 1

Prion
added 2023/11/22 8:15 a.m. | 14 views

Cross-site request forgery (CSRF)

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on the 'exportusers' function. This makes it possible for unauthenticated attackers to export the users to a csv file, granted...

5.8 CVSS | 6.7 AI score | 0.00284 EPSS
Exploits 0 | References 2 | Affected Software 1

CVE
added 2023/11/22 7:32 a.m. | 108 views

CVE-2023-2446

CVE-2023-2446 (WordPress UserPro plugin) affects UserPro up to version 5.1.1. The vulnerability is a sensitive information disclosure via the userpro shortcode caused by insufficient restriction on sensitive user meta values, enabling authenticated attackers with subscriber-level permissions and ...

6.5 CVSS | 5.8 AI score | 0.00294 EPSS
Exploits 2 | References 3 | Affected Software 1

Cvelist
added 2023/11/22 7:32 a.m. | 27 views

CVE-2023-2446 UserPro <= 5.1.1 - Sensitive Information Disclosure via Shortcode

The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for...

6.5 CVSS | 6.9 AI score | 0.00294 EPSS
Exploits 2 | References 2

Cvelist
added 2023/11/22 7:32 a.m. | 20 views

CVE-2023-2447 UserPro <= 5.1.1 - Cross-Site Request Forgery to Sensitive Information Exposure

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on the 'exportusers' function. This makes it possible for unauthenticated attackers to export the users to a csv file, granted...

6.1 CVSS | 6.1 AI score | 0.00284 EPSS
Exploits 0 | References 2