Userpro@5.1.0 Security Vulnerabilities and Issues — Userpro@5.1.0 CVE List

Lucene search

UserpropluginUserpro5.1.0

2 matches found

CVE•added 2023/11/22 4:15 p.m.•76 views

CVE-2023-2497

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'import_settings' function. This makes it possible for unauthenticated attackers to exploit PHP Object Injection due to t...

8.8CVSS8.5AI score0.00143EPSS

CVE•added 2023/11/22 4:15 p.m.•73 views

CVE-2023-2438

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'userpro_save_userdata' function. This makes it possible for unauthenticated attackers to update the user meta and inject...

6.1CVSS6.1AI score0.00148EPSS