VYPR

Userpro

by WordPress

CVEs (24)

  • CVE-2024-0701MedFeb 5, 2024
    risk 0.34cvss 5.3epss 0.01

    The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings. This makes it…

  • CVE-2025-53444MedApr 15, 2026
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in DeluxeThemes Userpro userpro allows Cross Site Request Forgery.This issue affects Userpro: from n/a through < 5.1.11.

  • CVE-2024-12822Jan 30, 2025
    risk 0.00cvss epss 0.01

    The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the add_capto_img() function in all versions up to, and including, 3.11.0. This makes it possible for…

  • CVE-2023-2439Jan 31, 2024
    risk 0.00cvss epss 0.00

    The UserPro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userpro' shortcode in versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated…

Page 2 of 2