Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
userproplugin userpro vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-2449
The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (userpro_process_form). The func...
Userproplugin Userpro
6.5
CVSSv3
CVE-2023-2446
The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes...
Userproplugin Userpro
6.1
CVSSv3
CVE-2023-2447
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on the 'export_users' function. This makes it possible for unauthenticated malicious users to expor...
Userproplugin Userpro
6.1
CVSSv3
CVE-2019-14470
cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin up to and including 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter.
Instagram-php-api Project Instagram-php-api -
Userproplugin User Pro
1 EDB exploit
6.1
CVSSv3
CVE-2018-16285
The UserPro plugin up to and including 4.9.23 for WordPress allows XSS via the shortcode parameter in a userpro_shortcode_template action to wp-admin/admin-ajax.php.
Userproplugin Userpro
9.8
CVSSv3
CVE-2017-16562
The UserPro plugin prior to 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote malicious users to bypass authentication and obtain administrative access via a "true" value for the up_auto_log parameter in the QUERY_STRING to t...
Userproplugin Userpro
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2