Lucene search
K

9 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.13 views

EUVD-2023-33934

Malicious code in bioql PyPI...

9.8CVSS7.3AI score0.00902EPSS
Exploits2References3
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.32 views

UserPro < 5.1.2 - Authentication Bypass to Administrator

Description The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log ...

9.8CVSS7.2AI score0.06801EPSS
Exploits4References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.37 views

UserPro < 5.1.2 - Insecure Password Reset Mechanism

Description The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function userproprocessform. The function uses...

9.8CVSS8.2AI score0.00903EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2023/11/22 4:15 p.m.42 views

Sql injection

The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function userproprocessform. The function uses the plainte...

7.5CVSS6.5AI score0.00903EPSS
Exploits2References3Affected Software1
Prion
Prion
added 2023/11/22 4:15 p.m.33 views

Authentication flaw

The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any...

5.1CVSS6AI score0.06801EPSS
Exploits4References3Affected Software1
Cvelist
Cvelist
added 2023/11/22 3:33 p.m.50 views

CVE-2023-2437 UserPro <= 5.1.1 - Authentication Bypass to Administrator

The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any...

9.8CVSS8.3AI score0.06801EPSS
Exploits4References2
Cvelist
Cvelist
added 2023/11/22 3:33 p.m.52 views

CVE-2023-2448 UserPro <= 5.1.4 - Missing Authorization to Arbitrary Shortcode Execution via userpro_shortcode_template

The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userproshortcodetemplate' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to arbitrary shortcode execution. An attacker ca...

6.5CVSS7.2AI score0.00903EPSS
Exploits2References2
CVE
CVE
added 2023/11/22 3:33 p.m.105 views

CVE-2023-2448

CVE-2023-2448 concerns the WordPress UserPro plugin. Affected versions are up to and including 5.1.4, where a missing capability check in the function userpro_shortcode_template allows unauthenticated attackers to perform arbitrary shortcode execution and unauthorized data access. The incident is...

6.5CVSS6.1AI score0.00903EPSS
Exploits2References3Affected Software1
Wordfence Blog
Wordfence Blog
added 2023/11/21 7:26 p.m.45 views

Several Critical Vulnerabilities including Privilege Escalation, Authentication Bypass, and More Patched in UserPro WordPress Plugin

On May 1, 2023, the Wordfence Threat Intelligence team began the responsible disclosure process for multiple high and critical severity vulnerabilities we discovered in Kirotech’s UserPro plugin, which is actively installed on more than 20,000 WordPress websites. Wordfence Premium, Wordfence Care...

7.5CVSS9.3AI score0.06801EPSS
Exploits4
Rows per page
Query Builder