Userpro Security Vulnerabilities and Issues — Userpro CVE List

Lucene search

UserpropluginUserpro

3 matches found

CVE•added 2023/11/22 4:15 p.m.•77 views

CVE-2023-2440

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing nonce validation in the 'admin_page', 'userpro_verify_user' and 'verifyUnverifyAllUsers' functions. This makes it possible for unauthenticated attackers to mo...

8.8CVSS8.3AI score0.00092EPSS

CVE•added 2023/11/22 4:15 p.m.•75 views

CVE-2023-2497

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'import_settings' function. This makes it possible for unauthenticated attackers to exploit PHP Object Injection due to t...

8.8CVSS8.5AI score0.00143EPSS

CVE•added 2023/11/22 4:15 p.m.•55 views

CVE-2023-6009

The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the 'userpro_update_user_profile' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify ...

8.8CVSS7.5AI score0.00206EPSS