Home/Product/userproplugin userpro
Product

userproplugin userpro

17 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-35700
< 5.1.9
Incorrect Privilege Assignment vulnerability in DeluxeThemes Userpro userpro.This issue affects Userpro: from n/a through <= 5.1.8
9.8CRITICAL
 CVE-2024-0701
<= 5.1.6
The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due
5.3MEDIUM
 CVE-2023-2439
< 5.1.6
The UserPro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userpro' shortcode in versions up to, and i
6.4MEDIUM
 CVE-2023-6009
<= 5.1.4
The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient
8.8HIGH
 CVE-2023-6008
<= 5.1.1
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due
6.3MEDIUM
 CVE-2023-6007
<= 5.1.1
The UserPro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing
7.3HIGH
 CVE-2023-2497
<= 5.1.0
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due
8.8HIGH
 CVE-2023-2449
<= 5.1.1
The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due
9.8CRITICAL
 CVE-2023-2448
<= 5.1.4
The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userpro_sh
6.5MEDIUM
 CVE-2023-2440
<= 5.1.1
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due
8.8HIGH
 CVE-2023-2438
<= 5.1.0
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due
6.1MEDIUM
 CVE-2023-2437
<= 5.1.1
The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to in
9.8CRITICAL
 CVE-2023-2447
< 5.1.2
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due
6.1MEDIUM
 CVE-2023-2446
< 5.1.2
The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to,
6.5MEDIUM
 CVE-2019-14470
<= 4.9.32
cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the
6.1MEDIUM
 CVE-2018-16285
<= 4.9.23
The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userpro_shortcode_template action to w
6.1MEDIUM
 CVE-2017-16562
< 4.9.17.1
The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass
9.8CRITICAL
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Recently exploited
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns
About All capabilities Pricing API docs Live status Privacy policy Terms of service
threatengine.sh