wpvulndb WPVDB-ID: 6BE59D55-4347-4CE5-BE6D-698BD5C12CF3
History: Nov 23, 2023 - 12:00 a.m.

UserPro < 5.1.5 - Authenticated (Subscriber+) Privilege Escalation

wpscan.com
userpro plugin
vulnerability
privilege escalation
wordpress
authenticated attackers
subscriber
user role modification

AI Score: 7
Confidence: High
EPSS: 0.001
Percentile: 35.1%

Description

The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the ‘userpro_update_user_profile’ function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the ‘wp_capabilities’ parameter during a profile update.

