Lucene search
WpvulndbWPVDB-ID:DF8BFAA9-79E0-4BB2-909C-FDC9C21F3D9EHistoryNov 23, 2023 - 12:00 a.m.
UserPro < 5.1.2 - Sensitive Information Disclosure via Shortcode
2023-11-2300:00:00
wpscan.com
4
wordpress
sensitive information disclosure
shortcode
userpro
vulnerability
authentication
attackers
permissions
Description The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the ‘userpro’ shortcode in versions up to, and including 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for authenticated attackers, with subscriber-level permissions, and above to retrieve sensitive user meta that can be used to gain access to a high privileged user account.
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 5.1.2 |
Related
prion
prion
Information disclosure
2023-11-22 08:15:00
Design/Logic Flaw
2023-11-22 16:15:00
Authentication flaw
2023-11-22 16:15:00
cvelist
cvelist
nvd
nvd
cve
cve
wpvulndb
wpvulndb
UserPro < 5.1.5 - Missing Authorization to Arbitrary Shortcode Execution via userpro_shortcode_template
2023-11-23 00:00:00
UserPro < 5.1.2 - Insecure Password Reset Mechanism
2023-11-23 00:00:00
UserPro < 5.1.2 - Authentication Bypass to Administrator
2023-11-23 00:00:00
wordfence
wordfence
packetstorm
packetstorm
WordPress UserPro 5.1.x Password Reset / Authentication Bypass / Escalation
2023-11-22 00:00:00
zdt
zdt
6.4 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
32.1%
Related for WPVDB-ID:DF8BFAA9-79E0-4BB2-909C-FDC9C21F3D9E