3 matches found
CVE-2023-6009 UserPro <= 5.1.4 - Authenticated (Subscriber+) Privilege Escalation
The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the 'userproupdateuserprofile' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify...
CVE-2023-6009
CVE-2023-6009 : The WordPress UserPro plugin (versions up to 5.1.4) is vulnerable to privilege escalation due to insufficient restriction of the function userpro_update_user_profile. An authenticated user with minimal permissions (e.g., a subscriber) can modify their own role by supplying the wp_...
WordPress Userpro Plugin <= 5.1.4 is vulnerable to Privilege Escalation
Software Userpro Type Plugin Vulnerable versions = 5.1.4 Fixed in 5.1.5 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2023-6009 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 7046ef9feaa8 Credits István Márton Required privilege...