12 matches found
CVE-2025-68608
CVE-2025-68608 is a Missing Authorization vulnerability in the WordPress plugin UserPro (UserPro – Community and User Profile). The Wordfence entry identifies the affected line as “Userpro ≤ 5.1.9” and labels the issue as Missing Authorization, implying unauthorized actions may be possible due to...
PT-2025-25470 · WordPress · Userpro
Name of the Vulnerable Software and Affected Versions: UserPro - Community and User Profile WordPress Plugin versions up to, and including, 5.1.10. Description: The issue allows unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information...
CVE-2025-22322
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DeluxeThemes Private Messages for UserPro userpro-messaging allows Reflected XSS. This issue affects Private Messages for UserPro: from n/a through <= 4.10.0...
CVE-2024-12821
The CVE-2024-12821 entry concerns the WordPress plugin Media Manager for UserPro. A missing capability check in upm_upload_media() affects all versions up to 3.12.0, allowing authenticated users with Subscriber+ privileges to modify arbitrary options and potentially set the default registration r...
CVE-2025-22311
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in DeluxeThemes Private Messages for UserPro userpro-messaging. This issue affects Private Messages for UserPro: from n/a through <= 4.10.0...
CVE-2025-22311
CVE-2025-22311 is a Local File Inclusion vulnerability in the WordPress plugin Private Messages for UserPro (NotFound Private Messages) with affected versions up to 4.10.0. The root cause is improper control of filenames for Include/Require in PHP. Public sources in the Connected Documents confir...
CVE-2025-22322 WordPress Private Messages for UserPro plugin <= 4.10.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound Private Messages for UserPro allows Reflected XSS. This issue affects Private Messages for UserPro: from n/a through 4.10.0...
CVE-2024-56210
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DeluxeThemes Userpro userpro allows Reflected XSS. This issue affects Userpro: from n/a through <= 5.1.9...
CVE-2024-56212 WordPress UserPro plugin <= 5.1.9 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in DeluxeThemes Userpro userpro. This issue affects Userpro: from n/a through <= 5.1.9...
WordPress plugin Userpro security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress Plugin UserPro Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...