Vulnerabilities > Userproplugin > High

DATE CVE VULNERABILITY TITLE RISK
2023-11-22 CVE-2023-2437 Improper Authentication vulnerability in Userproplugin Userpro
The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1.
network
high complexity
userproplugin CWE-287
8.1
8.1
2023-11-22 CVE-2023-2440 Cross-Site Request Forgery (CSRF) vulnerability in Userproplugin Userpro
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1.
network
low complexity
userproplugin CWE-352
8.8
8.8
2023-11-22 CVE-2023-2497 Cross-Site Request Forgery (CSRF) vulnerability in Userproplugin Userpro
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0.
network
low complexity
userproplugin CWE-352
8.8
8.8
2023-11-22 CVE-2023-6009 Unspecified vulnerability in Userproplugin Userpro
The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the 'userpro_update_user_profile' function.
network
low complexity
userproplugin
8.8
8.8
2017-11-10 CVE-2017-16562 Improper Authentication vulnerability in Userproplugin Userpro
The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the up_auto_log parameter in the QUERY_STRING to the default URI.
network
low complexity
userproplugin CWE-287
7.5
7.5