CVE-2025-53444 WordPress Userpro plugin < 5.1.11 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in DeluxeThemes Userpro userpro allows Cross Site Request Forgery.This issue affects Userpro: from n/a through 5.1.11...

CVE-2025-68608

CVE-2025-68608 is a Missing Authorization vulnerability in the WordPress plugin UserPro (UserPro – Community and User Profile). The Wordfence entry identifies the affected line as “Userpro ≤ 5.1.9” and labels the issue as Missing Authorization, implying unauthorized actions may be possible due to...

CVE-2025-68608 WordPress Userpro plugin <= 5.1.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in DeluxeThemes Userpro userpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Userpro: from n/a through = 5.1.9...

CVE-2025-22311 WordPress Private Messages for UserPro plugin <= 4.10.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in NotFound Private Messages for UserPro. This issue affects Private Messages for UserPro: from n/a through 4.10.0...

CVE-2024-56210

CVE-2024-56210 is a reported Reflected Cross‑Site Scripting (XSS) vulnerability in the WordPress plugin UserPro . The connected Red Hat entry mirrors the description: it is an improper neutralization of input in web page generation that enables Reflected XSS, affecting UserPro versions up to 5.1....

CVE-2024-56212

CVE-2024-56212 affects the WordPress UserPro plugin (DeluxeThemes Userpro) up to version 5.1.9. Root cause: improper neutralization of special elements in SQL commands, creating a SQL injection in the plugin’s handling of user input. Impact is high (CVE metrics: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:...

CVE-2024-56211 WordPress UserPro plugin <= 5.1.9 - Authenticated Arbitrary User Meta Update vulnerability

Missing Authorization vulnerability in DeluxeThemes Userpro.This issue affects Userpro: from n/a through 5.1.9...

CVE-2024-56211

CVE-2024-56211 affects the WordPress Plugin UserPro by DeluxeThemes (versions up to 5.1.9). The connected documents describe a Missing Authorization vulnerability that enables an authenticated user to perform an Arbitrary User Meta Update, due to insufficient authorization checks in UserPro. The ...

CVE-2024-56211 WordPress UserPro plugin <= 5.1.9 - Authenticated Arbitrary User Meta Update vulnerability

Missing Authorization vulnerability in DeluxeThemes Userpro userpro.This issue affects Userpro: from n/a through = 5.1.9...

CVE-2024-56214 WordPress UserPro plugin <= 5.1.9 - Local File Inclusion vulnerability

Path Traversal: '.../...//' vulnerability in DeluxeThemes Userpro userpro allows Path Traversal.This issue affects Userpro: from n/a through = 5.1.9...

CVE-2024-56214 WordPress UserPro plugin <= 5.1.9 - Local File Inclusion vulnerability

Path Traversal: '.../...//' vulnerability in DeluxeThemes Userpro userpro allows Path Traversal.This issue affects Userpro: from n/a through = 5.1.9...

WordPress Userpro Plugin <= 5.1.8 is vulnerable to Privilege Escalation

Software Userpro Type Plugin Vulnerable versions = 5.1.8 Fixed in 5.1.9 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-35700 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID fbe11c6e1e92 Credits Rafie Muhammad...

WordPress Userpro Plugin 5.1.5 is vulnerable to Cross Site Scripting (XSS)

Software Userpro Type Plugin Vulnerable versions 5.1.5 Fixed in 5.1.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2439 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 45fa634a270a Credits István Márton Required privilege...

CVE-2023-2497

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'importsettings' function. This makes it possible for unauthenticated attackers to exploit PHP Object Injection due to...

WordPress Userpro Plugin <= 5.1.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Userpro Type Plugin Vulnerable versions = 5.1.0 Fixed in 5.1.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-2497 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 7210ffe49db6 Credits István Márton Required...

PT-2023-19561 · WordPress · Userpro

Name of the Vulnerable Software and Affected Versions: UserPro plugin for WordPress versions up to, and including, 5.1.1 Description: The issue is due to missing nonce validation in the admin page, userpro verify user, and verifyUnverifyAllUsers functions, making it possible for unauthenticated...

WordPress Userpro Plugin <= 5.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Userpro Type Plugin Vulnerable versions = 5.1.1 Fixed in 5.1.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-6008 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID 0d7bf2f1be27 Credits István Márton Required...

WordPress Userpro Plugin <= 5.1.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Userpro Type Plugin Vulnerable versions = 5.1.0 Fixed in 5.1.1 OWASP Top 10 A8: Cross Site Request Forgery CSRF Classification Cross Site Request Forgery CSRF CVE CVE-2023-2438 Patch priority Low CVSS severity Low 6.1 Developer Claim ownership PSID c77096ae6f7c Credits István Márton...

WordPress Userpro Plugin <= 5.1.1 is vulnerable to Broken Access Control

Software Userpro Type Plugin Vulnerable versions = 5.1.1 Fixed in 5.1.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-6007 Patch priority Low CVSS severity Low 7.3 Developer Claim ownership PSID e8ac26fc5935 Credits István Márton Required privilege...

WordPress Userpro Plugin <= 5.1.1 is vulnerable to Broken Authentication

Software Userpro Type Plugin Vulnerable versions = 5.1.1 Fixed in 5.1.2 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2023-2449 Patch priority Low CVSS severity Low 9.8 Developer Claim ownership PSID 2a8ccae82ed6 Credits István Márton...