CVE-2023-6007

7.3 HIGH

📋 TL;DR

The UserPro plugin for WordPress lacks a capability check on the code paths that write user metadata and plugin options. An unauthenticated attacker can therefore add, modify, or delete user meta and plugin options on any site running version 5.1.1 or earlier. Every WordPress site with a vulnerable UserPro build installed and active is exposed.

💻 Affected Systems

Products:
  • UserPro WordPress Plugin
Versions: All versions up to and including 5.1.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects WordPress sites with UserPro plugin installed and activated.

📦 What is this software?

UserPro is a commercial WordPress plugin sold on CodeCanyon that provides front-end user profiles, registration and login forms, and social login. Because it stores and edits account data for every registered user, a flaw in its metadata-writing code affects the whole user base of the site.

⚠️ Risk & Real-World Impact

🔴

Worst Case

User metadata includes the role assignment WordPress keeps under the {prefix}capabilities meta key, so an attacker who can write arbitrary user meta can grant any account they control the administrator role. From there they own the installation: read all stored user data, install further code, deface the site, or lock out the legitimate administrators.

🟠

Likely Case

Attackers modify user profiles, harvest the personal data stored in user meta, inject malicious content into profiles or plugin settings, or break profile and login functionality for the site's users.

🟢

If Mitigated

With proper access controls and monitoring, impact would be limited to attempted attacks that are detected and blocked.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP requests can trigger the vulnerability without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.1.2 or later

Vendor Advisory: https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the UserPro plugin.
4. Click 'Update Now' if an update is offered.
5. If it is not, download the latest version from CodeCanyon and update the plugin manually.

🔧 Temporary Workarounds

Disable UserPro Plugin

Platform: all

Temporarily deactivate the vulnerable plugin until it is patched. This also removes the plugin's front-end profile, registration and login forms for the duration.

wp plugin deactivate userpro

Web Application Firewall Rule

Platform: all

Block POST requests to /wp-admin/admin-ajax.php that carry a UserPro action parameter and no wordpress_logged_in_* cookie. Two caveats: WordPress reads the admin-ajax action from the POST body as well as the query string, so the WAF must inspect request bodies; and the plugin's own registration and login forms are submitted by users who are not yet logged in, so test the rule against normal traffic before enforcing it, or scope it to the specific actions that write user meta.

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the WordPress site.
  • Enable detailed logging and monitoring for suspicious UserPro-related activity.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > UserPro version number. If version is 5.1.1 or lower, you are vulnerable.

Check Version:

wp plugin get userpro --field=version

Verify Fix Applied:

After updating, confirm UserPro plugin version is 5.1.2 or higher in WordPress admin.

📡 Detection & Monitoring

Log Indicators:

  • POST requests to /wp-admin/admin-ajax.php carrying userpro_action parameters from clients that send no wordpress_logged_in_* cookie (the action parameter is normally in the POST body, so standard access logs will not show it; use WAF or application logs that record request bodies)
  • Unexpected inserts, updates or deletes in the wp_usermeta table, above all to the {prefix}capabilities key that stores each user's role, and unexpected changes to UserPro rows in wp_options

Network Indicators:

  • HTTP requests to UserPro AJAX actions that carry no WordPress session cookie (wordpress_logged_in_*); admin-ajax.php legitimately serves some unauthenticated actions, so treat this as a lead to correlate with usermeta changes rather than as proof of attack

SIEM Query:

source="wordpress.log" AND uri_path="/wp-admin/admin-ajax.php" AND (query_string="*userpro_action*" OR request_body="*userpro_action*") AND NOT cookie="*wordpress_logged_in_*"

Field names depend on the log source. Do not exclude user agents containing "bot": the User-Agent header is attacker-controlled, and such a filter only hides the requests you are looking for.
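The log indicators above can be turned into a small triage script. The following Python is an added example, not code from the UserPro project or from this advisory. It assumes an access log format that records the Cookie header and the POST body (for example an nginx log_format with $http_cookie and $request_body appended), because the admin-ajax action parameter is usually sent in the body and does not appear in the standard combined format. The sample log lines are constructed; parameter names other than WordPress's own action are illustrative, and the match is widened from the page's userpro_action parameter to any parameter or action value prefixed userpro, which is an assumption about the plugin's naming. It deliberately applies no User-Agent filter.

```python
"""Triage unauthenticated UserPro admin-ajax requests (CVE-2023-6007).

Added example; not code from the UserPro project or the original advisory.
Assumes an access log that records the Cookie header and the POST body,
which the standard combined log format does not.
"""
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Assumed log format (e.g. nginx log_format with $http_cookie and
# $request_body appended): ip - - [time] "request" status "cookie" "ua" "body"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
    r'"(?P<cookie>[^"]*)" "(?P<ua>[^"]*)" "(?P<body>[^"]*)"$'
)

# Constructed sample lines (not real traffic). Parameter names other than
# WordPress's own "action" are illustrative, not the plugin's real ones.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Nov/2023:10:01:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 "-" "Mozilla/5.0" "userpro_action=save&user_id=1"
203.0.113.7 - - [12/Nov/2023:10:01:05 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 "-" "python-requests/2.31 bot" "action=userpro_action&user_id=1"
198.51.100.9 - - [12/Nov/2023:10:02:00 +0000] "POST /wp-admin/admin-ajax.php?action=userpro_action HTTP/1.1" 200 "-" "curl/8.1" "-"
192.0.2.44 - - [12/Nov/2023:10:03:10 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 "wordpress_logged_in_5e1f=alice%7C123" "Mozilla/5.0" "userpro_action=save&user_id=44"
192.0.2.45 - - [12/Nov/2023:10:03:11 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 "-" "Mozilla/5.0" "action=heartbeat"
192.0.2.46 - - [12/Nov/2023:10:04:00 +0000] "GET /wp-login.php HTTP/1.1" 200 "-" "Mozilla/5.0" "-"
"""


def parse_line(line):
    """Return the named fields of one log line, or None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def request_params(rec):
    """Merge query-string and body parameters.

    WordPress reads the admin-ajax action from $_REQUEST, so a parameter in
    either place reaches the handler and both must be inspected.
    """
    parts = urlsplit(rec["target"])
    params = parse_qs(parts.query, keep_blank_values=True)
    body = "" if rec["body"] == "-" else rec["body"]
    for key, values in parse_qs(body, keep_blank_values=True).items():
        params.setdefault(key, []).extend(values)
    return parts.path, params


def touches_userpro(params):
    """True if the request names a UserPro action (assumed 'userpro' prefix)."""
    for key, values in params.items():
        if key.startswith("userpro"):
            return True
        if key == "action" and any(v.startswith("userpro") for v in values):
            return True
    return False


def is_logged_in(cookie):
    """WordPress names its session cookie wordpress_logged_in_<hash>.

    Presence only means a session cookie was sent, not that it was valid;
    for a missing-capability-check bug the interesting requests send none.
    """
    return "wordpress_logged_in_" in cookie


def detect(log_text):
    """Return unauthenticated POSTs to admin-ajax.php that target UserPro."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path, params = request_params(rec)
        if rec["method"] != "POST" or path != "/wp-admin/admin-ajax.php":
            continue
        if not touches_userpro(params) or is_logged_in(rec["cookie"]):
            continue
        # No User-Agent filtering on purpose: the UA is attacker-controlled.
        findings.append({"ip": rec["ip"], "time": rec["time"],
                         "ua": rec["ua"], "params": params})
    return findings


def sources(findings):
    """Count findings per source IP to prioritise follow-up."""
    return Counter(f["ip"] for f in findings)


if __name__ == "__main__":
    hits = detect(SAMPLE_LOG)
    for f in hits:
        print(f["time"], f["ip"], f["ua"], sorted(f["params"]))
    print("per-source:", dict(sources(hits)))
```

On the constructed sample, three requests are flagged: two from 203.0.113.7 (one of them with a "bot" User-Agent that a naive filter would have discarded) and one from 198.51.100.9 that passed the action in the query string. The authenticated request, the unrelated heartbeat action and the GET to wp-login.php are ignored. Correlate each hit with the wp_usermeta and wp_options changes listed above before treating it as a confirmed compromise.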
