Lucene search
K

4 matches found

CVE
CVE
added 2023/11/22 3:33 p.m.94 views

CVE-2023-2449

The CVE-2023-2449 issue concerns the WordPress UserPro plugin. Concrete details from connected sources show that versions up to 5.1.1 are affected by an unauthorized password-reset flaw due to the plugin using plaintext reset keys (userpro_process_form) instead of a hashed value, enabling misuse ...

9.8CVSS6.4AI score0.00902EPSS
Exploits2References3Affected Software1
Packet Storm
Packet Storm
added 2023/11/22 12:0 a.m.696 views

WordPress UserPro 5.1.x Password Reset / Authentication Bypass / Escalation

Vulnerability Details & Technical Analysis Password Reset to Privilege Escalation using the Sensitive Information Disclosure via Shortcode Description: UserPro = 5.1.1 – Insecure Password Reset Mechanism Affected Plugin: UserPro Plugin Slug: userpro Affected Versions: = 5.1.1 CVE ID: CVE-2023-244...

9.8CVSS8.1AI score0.06801EPSS
Exploits4
0day.today
0day.today
added 2023/11/22 12:0 a.m.615 views

WordPress UserPro 5.1.x Password Reset / Authentication Bypass / Privilege Escalation Vulnerability

WordPress UserPro plugin versions 5.1.1 and below suffer from an insecure password reset mechanism, information disclosure, and authentication bypass vulnerabilities. Versions 5.1.4 and below suffer from privilege escalation and shortcode execution vulnerabilities. Vulnerability Details & Technic...

9.8CVSS8.2AI score0.06801EPSS
Exploits4
Patchstack
Patchstack
added 2023/11/21 12:0 a.m.13 views

WordPress Userpro Plugin <= 5.1.1 is vulnerable to Broken Authentication

Software Userpro Type Plugin Vulnerable versions = 5.1.1 Fixed in 5.1.2 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2023-2449 Patch priority Low CVSS severity Low 9.8 Developer Claim ownership PSID 2a8ccae82ed6 Credits István Márton...

9.8CVSS6.9AI score0.00902EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder