Userpro@5.1.4 Security Vulnerabilities and Issues — Userpro@5.1.4 CVE List

Lucene search

UserpropluginUserpro5.1.4

2 matches found

CVE•added 2023/11/22 4:15 p.m.•85 views

CVE-2023-2448

The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userpro_shortcode_template' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to arbitrary shortcode execution. An attacker ca...

6.5CVSS6.1AI score0.00409EPSS

CVE•added 2023/11/22 4:15 p.m.•56 views

CVE-2023-6009

The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the 'userpro_update_user_profile' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify ...

8.8CVSS7.5AI score0.00206EPSS