Vulnerabilities > Userproplugin > High

DATE CVE VULNERABILITY TITLE RISK
2023-11-22 CVE-2023-2437 Improper Authentication vulnerability in Userproplugin Userpro
The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1.
network
high complexity
userproplugin CWE-287
8.1
8.1
2023-11-22 CVE-2023-2440 Cross-Site Request Forgery (CSRF) vulnerability in Userproplugin Userpro
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1.
network
low complexity
userproplugin CWE-352
8.8
8.8
2023-11-22 CVE-2023-2497 Cross-Site Request Forgery (CSRF) vulnerability in Userproplugin Userpro
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0.
network
low complexity
userproplugin CWE-352
8.8
8.8
2023-11-22 CVE-2023-6009 Unspecified vulnerability in Userproplugin Userpro
The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the 'userpro_update_user_profile' function.
network
low complexity
userproplugin
8.8
8.8