Vulnerabilities > Userproplugin > Userpro > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-22 | CVE-2023-2437 | Improper Authentication vulnerability in Userproplugin Userpro The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. | 8.1 |
2023-11-22 | CVE-2023-2440 | Cross-Site Request Forgery (CSRF) vulnerability in Userproplugin Userpro The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. | 8.8 |
2023-11-22 | CVE-2023-2497 | Cross-Site Request Forgery (CSRF) vulnerability in Userproplugin Userpro The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. | 8.8 |
2023-11-22 | CVE-2023-6009 | Unspecified vulnerability in Userproplugin Userpro The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the 'userpro_update_user_profile' function. | 8.8 |
2017-11-10 | CVE-2017-16562 | Improper Authentication vulnerability in Userproplugin Userpro The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the up_auto_log parameter in the QUERY_STRING to the default URI. | 7.5 |