Vulnerabilities > Userproplugin > Userpro > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-04 | CVE-2024-35700 | Unspecified vulnerability in Userproplugin Userpro Improper Privilege Management vulnerability in DeluxeThemes Userpro allows Privilege Escalation.This issue affects Userpro: from n/a through 5.1.8. | 9.8 |
| 2023-11-22 | CVE-2023-2449 | Unspecified vulnerability in Userproplugin Userpro The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. | 9.8 |
| 2017-11-10 | CVE-2017-16562 | Improper Authentication vulnerability in Userproplugin Userpro The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the up_auto_log parameter in the QUERY_STRING to the default URI. | 9.8 |