3 matches found
CVE-2023-2440
CVE-2023-2440 (UserPro WordPress Plugin) affects version up to 5.1.1 and is a CSRF vulnerability due to missing nonce validation in admin_page, userpro_verify_user, and verifyUnverifyAllUsers. This allows unauthenticated attackers to modify verified users’ roles, potentially elevating privileges ...
CVE-2023-2497
CVE-2023-2497 affects the UserPro WordPress plugin up to version 5.1.0. It is a Cross-Site Request Forgery (CSRF) vulnerability stemming from missing or incorrect nonce validation on the import_settings function, which, when combined with unserialize() on user-supplied data, can enable unauthenti...
CVE-2023-6009
CVE-2023-6009 : The WordPress UserPro plugin (versions up to 5.1.4) is vulnerable to privilege escalation due to insufficient restriction of the function userpro_update_user_profile. An authenticated user with minimal permissions (e.g., a subscriber) can modify their own role by supplying the wp_...