userproplugin

Top products

The 15 most recently published vulnerabilities affecting userproplugin.

• CVE-2024-12822Media Manager for UserPro <= 3.12.0 - Missing Authorization to Unauthenticated Arbitrary Options Update9.8Jan 30, 2025
• CVE-2024-12821Media Manager for UserPro <= 3.12.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update8.8Jan 30, 2025
• CVE-2024-35700WordPress UserPro plugin <= 5.1.8 - Unauthenticated Account Takeover vulnerability9.8Jun 4, 2024
• CVE-2024-0701UserPro <= 5.1.6 - Disabled Membership Registration Bypass5.3Feb 5, 2024
• CVE-2023-2439The UserPro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userpro' shortcode in versions up to, and including, 5.1.5 due to insufficient input sanitization and output e...6.4Jan 31, 2024
• CVE-2023-2497UserPro <= 5.1.0 - Cross-Site Request Forgery to PHP Object Injection8.8Nov 22, 2023
• CVE-2023-6008UserPro <= 5.1.1 - Cross-Site Request Forgery via multiple functions6.3Nov 22, 2023
• CVE-2023-6009UserPro <= 5.1.4 - Authenticated (Subscriber+) Privilege Escalation8.8Nov 22, 2023
• CVE-2023-2449UserPro <= 5.1.1 - Insecure Password Reset Mechanism9.8Nov 22, 2023
• CVE-2023-2437UserPro <= 5.1.1 - Authentication Bypass to Administrator9.8Nov 22, 2023
• CVE-2023-2438UserPro <= 5.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via userpro_save_userdata6.1Nov 22, 2023
• CVE-2023-2448UserPro <= 5.1.4 - Missing Authorization to Arbitrary Shortcode Execution via userpro_shortcode_template6.5Nov 22, 2023
• CVE-2023-2440UserPro <= 5.1.1 - Cross-Site Request Forgery to Privilege Escalation8.8Nov 22, 2023
• CVE-2023-6007UserPro <= 5.1.1 - Missing Authorization via multiple functions7.3Nov 22, 2023
• CVE-2023-2446UserPro <= 5.1.1 - Sensitive Information Disclosure via Shortcode6.5Nov 22, 2023