Medium severity5.9NVD Advisory· Published Jun 14, 2025· Updated Jun 17, 2026
CVE-2025-4187
CVE-2025-4187
Description
The UserPro - Community and User Profile WordPress Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 5.1.10 via the userpro_fbconnect() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
Affected products
2- Range: <=5.1.10
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.