5 matches found
CVE-2023-2446
CVE-2023-2446 (WordPress UserPro plugin) affects UserPro up to version 5.1.1. The vulnerability is a sensitive information disclosure via the userpro shortcode caused by insufficient restriction on sensitive user meta values, enabling authenticated attackers with subscriber-level permissions and ...
CVE-2023-2447
CVE-2023-2447 affects the WordPress UserPro plugin (up to v5.1.1). Root cause: CSRF due to missing/incorrect nonce validation in export_users, allowing unauthenticated export of users to CSV if a site admin is tricked. Mitigation: update to v5.1.2 (patch).
CVE-2017-16562
The CVE-2017-16562 entry concerns the WordPress UserPro Plugin prior to version 4.9.17.1. The vulnerability allows remote attackers, when the site uses the default admin username, to bypass authentication and obtain administrative access by sending a true value for the up_auto_log parameter in th...
CVE-2024-35700
CVE-2024-35700 affects the WordPress plugin “UserPro” (DeluxeThemes) up to version 5.1.8. The issue is described as Improper Privilege Management enabling Unauthenticated Account Takeover with privilege escalation. Impact as stated: confidentiality and integrity/availability impact; CVSS v3.1 base s...
CVE-2023-2439
The CVE-2023-2439 issue affects the WordPress UserPro plugin (version range up to 5.1.5). The root cause is insufficient input sanitization and output escaping on attributes passed to the userpro shortcode, enabling Stored Cross-Site Scripting. The vulnerability requires authentication with contr...