📦 Userpro

This vulnerability in the UserPro WordPress plugin allows unauthenticated attackers to escalate privileges and take over user accounts. It affects all UserPro plugin versions up to and including 5.1.8...

The UserPro WordPress plugin up to version 5.1.1 has an authentication bypass vulnerability in its Facebook login functionality. Unauthenticated attackers can log in as any existing user, including ad...

The UserPro WordPress plugin versions up to 5.1.1 contain an authentication bypass vulnerability that allows unauthorized password resets. Attackers can reset any user's password without authenticatio...

The UserPro WordPress plugin has a missing capability check vulnerability that allows unauthenticated attackers to add, modify, or delete user metadata and plugin options. This affects all versions up...

The UserPro WordPress plugin (versions up to 5.1.4) contains a privilege escalation vulnerability where authenticated users with minimal permissions (like subscribers) can modify their user role to ad...

The UserPro WordPress plugin up to version 5.1.1 has a Cross-Site Request Forgery vulnerability that allows unauthenticated attackers to trick administrators into performing actions that elevate user ...