Vulnerabilities > Userproplugin

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | DETAILS | RISK |
|---|---|---|---|---|---|
| 2023-11-22 | CVE-2023-6008 | Cross-Site Request Forgery (CSRF) vulnerability in Userproplugin Userpro | The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. | network, low complexity, userproplugin, CWE-352 | 4.3 |
| 2023-11-22 | CVE-2023-6009 | Unspecified vulnerability in Userproplugin Userpro | The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the 'userpro_update_user_profile' function. | network, low complexity, userproplugin | 8.8 |
| 2023-11-22 | CVE-2023-2446 | Unspecified vulnerability in Userproplugin Userpro | The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including, 5.1.1. | network, low complexity, userproplugin | 6.5 |
| 2023-11-22 | CVE-2023-2447 | Cross-Site Request Forgery (CSRF) vulnerability in Userproplugin Userpro | The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. | network, low complexity, userproplugin, CWE-352 | 6.1 |
| 2019-09-04 | CVE-2019-14470 | Cross-site Scripting vulnerability in multiple products | cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter. | | 6.1 |
| 2018-09-06 | CVE-2018-16285 | Cross-site Scripting vulnerability in Userproplugin Userpro | The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userpro_shortcode_template action to wp-admin/admin-ajax.php. | network, low complexity, userproplugin, CWE-79 | 6.1 |
| 2017-11-10 | CVE-2017-16562 | Improper Authentication vulnerability in Userproplugin Userpro | The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the up_auto_log parameter in the QUERY_STRING to the default URI. | network, low complexity, userproplugin, CWE-287 | critical 9.8 |