7 matches found
CVE-2023-2446
CVE-2023-2446 (WordPress UserPro plugin) affects UserPro up to version 5.1.1. The vulnerability is a sensitive information disclosure via the userpro shortcode caused by insufficient restriction on sensitive user meta values, enabling authenticated attackers with subscriber-level permissions and ...
CVE-2023-2448
CVE-2023-2448 concerns the WordPress UserPro plugin. Affected versions are up to and including 5.1.4, where a missing capability check in the function userpro_shortcode_template allows unauthenticated attackers to perform arbitrary shortcode execution and unauthorized data access. The incident is...
CVE-2023-2438
CVE-2023-2438 : A CSRF flaw in the WordPress plugin UserPro (WordPress,
CVE-2023-2447
CVE-2023-2447 affects the WordPress UserPro plugin (up to v5.1.1). Root cause: CSRF due to missing/incorrect nonce validation in export_users, allowing unauthenticated export of users to CSV if a site admin is tricked. Mitigation: update to v5.1.2 (patch).
CVE-2023-6008
CVE-2023-6008 is a CSRF vulnerability in the WordPress UserPro plugin (
CVE-2023-2439
The CVE-2023-2439 issue affects the WordPress UserPro plugin (version range up to 5.1.5). The root cause is insufficient input sanitization and output escaping on attributes passed to the userpro shortcode, enabling Stored Cross-Site Scripting. The vulnerability requires authentication with contr...
CVE-2018-16285
CVE-2018-16285 affects the WordPress WordPress UserPro premium plugin up to version 4.9.23. The vulnerability is an XSS in the shortcode handling: attacker-supplied content passed to the userpro_shortcode_template action is reflected into wp-admin/admin-ajax.php, enabling cross-site scripting. Im...