WordPress Plugin UserPro Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

PT-2023-19620 · WordPress · Userpro

Name of the Vulnerable Software and Affected Versions: UserPro plugin for WordPress versions up to and including 5.1.1 Description: The issue allows authenticated attackers with subscriber-level permissions and above to disclose sensitive user information. This is possible due to insufficient...

WordPress Plugin UserPro Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

WordPress Plugin UserPro Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

PT-2023-19637 · WordPress +1 · Userpro

The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function userpro process form. The function uses the...

WordPress Userpro Plugin <= 5.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Userpro Type Plugin Vulnerable versions = 5.1.1 Fixed in 5.1.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-6008 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID 0d7bf2f1be27 Credits István Márton Required...

Several Critical Vulnerabilities including Privilege Escalation, Authentication Bypass, and More Patched in UserPro WordPress Plugin

On May 1, 2023, the Wordfence Threat Intelligence team began the responsible disclosure process for multiple high and critical severity vulnerabilities we discovered in Kirotech’s UserPro plugin, which is actively installed on more than 20,000 WordPress websites. Wordfence Premium, Wordfence Care...

WordPress Userpro Plugin <= 5.1.1 is vulnerable to Broken Authentication

Software Userpro Type Plugin Vulnerable versions = 5.1.1 Fixed in 5.1.2 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2023-2437 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 9aac076e3030 Credits István Márton...

WordPress Userpro Plugin <= 5.1.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Userpro Type Plugin Vulnerable versions = 5.1.0 Fixed in 5.1.1 OWASP Top 10 A8: Cross Site Request Forgery CSRF Classification Cross Site Request Forgery CSRF CVE CVE-2023-2438 Patch priority Low CVSS severity Low 6.1 Developer Claim ownership PSID c77096ae6f7c Credits István Márton...

WordPress Userpro Plugin <= 5.1.1 is vulnerable to Broken Authentication

Software Userpro Type Plugin Vulnerable versions = 5.1.1 Fixed in 5.1.2 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2023-2449 Patch priority Low CVSS severity Low 9.8 Developer Claim ownership PSID 2a8ccae82ed6 Credits István Márton...

WordPress Userpro Plugin <= 5.1.1 is vulnerable to Broken Access Control

Software Userpro Type Plugin Vulnerable versions = 5.1.1 Fixed in 5.1.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-6007 Patch priority Low CVSS severity Low 7.3 Developer Claim ownership PSID e8ac26fc5935 Credits István Márton Required privilege...

VulnCheck KEV: CVE-2023-2446

The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for...

WordPress Userpro Plugin <= 5.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Userpro Type Plugin Vulnerable versions = 5.1.1 Fixed in 5.1.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-2447 Patch priority Low CVSS severity Low 6.1 Developer Claim ownership PSID f82d076bd579 Credits István Márton Required...

WordPress Userpro Plugin <= 5.1.1 is vulnerable to Sensitive Data Exposure

Software Userpro Type Plugin Vulnerable versions = 5.1.1 Fixed in 5.1.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-2446 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 60ff01fd740b Credits István Márton Required...

WordPress Userpro Plugin <= 5.1.4 is vulnerable to Privilege Escalation

Software Userpro Type Plugin Vulnerable versions = 5.1.4 Fixed in 5.1.5 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2023-6009 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 7046ef9feaa8 Credits István Márton Required privilege...

WordPress Userpro Plugin <= 5.1.4 is vulnerable to Broken Access Control

Software Userpro Type Plugin Vulnerable versions = 5.1.4 Fixed in 5.1.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-2448 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d9e8e6635e89 Credits István Márton Required privilege...

WordPress Userpro Plugin <= 5.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Userpro Type Plugin Vulnerable versions = 5.1.1 Fixed in 5.1.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-2440 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 1d6ddaf7ecad Credits István Márton Required...

PT-2023-19633 · WordPress · Userpro

Name of the Vulnerable Software and Affected Versions: UserPro plugin for WordPress versions up to and including 5.1.4 Description: The issue allows unauthorized access to data due to a missing capability check on the userpro shortcode template function. This enables unauthenticated attackers to...

VulnCheck KEV: CVE-2017-16562

The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the upautolog parameter in the QUERYSTRING to the default URI...

Cosenary Instagram-PHP-API contains reflected XSS vulnerability

cosenary Instagram-PHP-API aka Instagram PHP API V2, used in the UserPro plugin through 4.9.32 for WordPress, is vulnerable to cross-site scripting via the example/success.php errordescription parameter. Vulnerable code: php if isset$GET'error' echo 'An error occurred: ' . $GET'errordescription';...