VYPR
Medium severity5.9NVD Advisory· Published Jun 14, 2025· Updated Jun 17, 2026

CVE-2025-4187

CVE-2025-4187

Description

The UserPro - Community and User Profile WordPress Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 5.1.10 via the userpro_fbconnect() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.