4 matches found
CVE-2023-2449
The CVE-2023-2449 issue concerns the WordPress UserPro plugin. Concrete details from connected sources show that versions up to 5.1.1 are affected by an unauthorized password-reset flaw due to the plugin using plaintext reset keys (userpro_process_form) instead of a hashed value, enabling misuse ...
WordPress UserPro 5.1.x Password Reset / Authentication Bypass / Escalation
Vulnerability Details & Technical Analysis Password Reset to Privilege Escalation using the Sensitive Information Disclosure via Shortcode Description: UserPro = 5.1.1 – Insecure Password Reset Mechanism Affected Plugin: UserPro Plugin Slug: userpro Affected Versions: = 5.1.1 CVE ID: CVE-2023-244...
WordPress UserPro 5.1.x Password Reset / Authentication Bypass / Privilege Escalation Vulnerability
WordPress UserPro plugin versions 5.1.1 and below suffer from an insecure password reset mechanism, information disclosure, and authentication bypass vulnerabilities. Versions 5.1.4 and below suffer from privilege escalation and shortcode execution vulnerabilities. Vulnerability Details & Technic...
WordPress Userpro Plugin <= 5.1.1 is vulnerable to Broken Authentication
Software Userpro Type Plugin Vulnerable versions = 5.1.1 Fixed in 5.1.2 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2023-2449 Patch priority Low CVSS severity Low 9.8 Developer Claim ownership PSID 2a8ccae82ed6 Credits István Márton...