Lucene search
K
UserpropluginUserpro

7 matches found

CVE
CVE
added 2023/11/22 7:32 a.m.110 views

CVE-2023-2446

CVE-2023-2446 (WordPress UserPro plugin) affects UserPro up to version 5.1.1. The vulnerability is a sensitive information disclosure via the userpro shortcode caused by insufficient restriction on sensitive user meta values, enabling authenticated attackers with subscriber-level permissions and ...

6.5CVSS5.8AI score0.00849EPSS
CVE
CVE
added 2023/11/22 3:33 p.m.104 views

CVE-2023-2448

CVE-2023-2448 concerns the WordPress UserPro plugin. Affected versions are up to and including 5.1.4, where a missing capability check in the function userpro_shortcode_template allows unauthenticated attackers to perform arbitrary shortcode execution and unauthorized data access. The incident is...

6.5CVSS6.1AI score0.00903EPSS
CVE
CVE
added 2023/11/22 3:33 p.m.86 views

CVE-2023-2438

CVE-2023-2438 : A CSRF flaw in the WordPress plugin UserPro (WordPress,

6.1CVSS6.1AI score0.00165EPSS
CVE
CVE
added 2023/11/22 7:32 a.m.84 views

CVE-2023-2447

CVE-2023-2447 affects the WordPress UserPro plugin (up to v5.1.1). Root cause: CSRF due to missing/incorrect nonce validation in export_users, allowing unauthenticated export of users to CSV if a site admin is tricked. Mitigation: update to v5.1.2 (patch).

6.1CVSS6.1AI score0.00181EPSS
CVE
CVE
added 2023/11/22 3:33 p.m.82 views

CVE-2023-6008

CVE-2023-6008 is a CSRF vulnerability in the WordPress UserPro plugin (

6.3CVSS4.8AI score0.00178EPSS
CVE
CVE
added 2024/01/31 2:35 a.m.61 views

CVE-2023-2439

The CVE-2023-2439 issue affects the WordPress UserPro plugin (version range up to 5.1.5). The root cause is insufficient input sanitization and output escaping on attributes passed to the userpro shortcode, enabling Stored Cross-Site Scripting. The vulnerability requires authentication with contr...

6.4CVSS5AI score0.00332EPSS
CVE
CVE
added 2018/09/06 11:0 p.m.42 views

CVE-2018-16285

CVE-2018-16285 affects the WordPress WordPress UserPro premium plugin up to version 4.9.23. The vulnerability is an XSS in the shortcode handling: attacker-supplied content passed to the userpro_shortcode_template action is reflected into wp-admin/admin-ajax.php, enabling cross-site scripting. Im...

6.1CVSS5.9AI score0.01345EPSS
Web