331 matches found
EUVD-2025-2722
Malicious code in bioql PyPI...
EUVD-2024-35458
Malicious code in bioql PyPI...
EUVD-2024-53009
Malicious code in bioql PyPI...
EUVD-2025-2711
Malicious code in bioql PyPI...
EUVD-2024-53008
Malicious code in bioql PyPI...
EUVD-2023-33924
Malicious code in bioql PyPI...
CVE-2025-4187
The UserPro - Community and User Profile WordPress Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 5.1.10 via the userprofbconnect function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the...
CVE-2025-4187
The UserPro - Community and User Profile WordPress Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 5.1.10 via the userprofbconnect function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the...
CVE-2025-4187 UserPro - Community and User Profile WordPress Plugin <= 5.1.10 - Unauthenticated Arbitrary File Read
The UserPro - Community and User Profile WordPress Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 5.1.10 via the userprofbconnect function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the...
CVE-2025-4187
CVE-2025-4187 – UserPro plugin (WordPress) Affects: UserPro - Community and User Profile WordPress Plugin
CVE-2025-4187 UserPro - Community and User Profile WordPress Plugin <= 5.1.10 - Unauthenticated Arbitrary File Read
The UserPro - Community and User Profile WordPress Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 5.1.10 via the userprofbconnect function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the...
WordPress UserPro plugin <= 5.1.10 - Unauthenticated Arbitrary File Read vulnerability
Unauthenticated Arbitrary File Read vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Userpro versions = 5.1.10...
WordPress plugin UserPro - Community and User Profile 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...
PT-2025-25470 · WordPress · Userpro
Name of the Vulnerable Software and Affected Versions: UserPro - Community and User Profile WordPress Plugin versions up to, and including, 5.1.10 Description: The issue allows unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information...
CVE-2024-0701
The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings. This makes it possible for...
CVE-2023-6009
The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the 'userproupdateuserprofile' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify...
CVE-2023-2437
The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any...
CVE-2023-2440
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing nonce validation in the 'adminpage', 'userproverifyuser' and 'verifyUnverifyAllUsers' functions. This makes it possible for unauthenticated attackers to...
CVE-2023-2497
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'importsettings' function. This makes it possible for unauthenticated attackers to exploit PHP Object Injection due to...
CVE-2023-6008
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin...