Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
userproplugin userpro vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2018-16285
The UserPro plugin up to and including 4.9.23 for WordPress allows XSS via the shortcode parameter in a userpro_shortcode_template action to wp-admin/admin-ajax.php.
Userproplugin Userpro
NA
CVE-2023-6007
The UserPro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated malicious users to add...
Userproplugin Userpro
NA
CVE-2023-6008
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated malicious users to add, modify, or delete u...
Userproplugin Userpro
NA
CVE-2023-6009
The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the 'userpro_update_user_profile' function. This makes it possible for authenticated attackers, with minimal permissions suc...
Userproplugin Userpro
7.5
CVSSv2
CVE-2017-16562
The UserPro plugin prior to 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote malicious users to bypass authentication and obtain administrative access via a "true" value for the up_auto_log parameter in the QUERY_STRING to t...
Userproplugin Userpro
1 EDB exploit
NA
CVE-2023-2438
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'userpro_save_userdata' function. This makes it possible for unauthenticated malicious users...
Userproplugin Userpro
NA
CVE-2023-2440
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing nonce validation in the 'admin_page', 'userpro_verify_user' and 'verifyUnverifyAllUsers' functions. This make...
Userproplugin Userpro
NA
CVE-2024-0701
The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings....
Userproplugin Userpro
NA
CVE-2023-2437
The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated malicious us...
Userproplugin Userpro
1 Github repository
NA
CVE-2023-2439
The UserPro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userpro' shortcode in versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authentic...
Userproplugin Userpro
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »