VYPR
Vendor: Userproplugin

Products: 1
CVEs: 18
Across products: 18
Status: Private

Recent CVEs (18)

  • CVE-2023-2437 | Critical | Nov 22, 2023
    risk 0.70 | cvss 9.8 | epss 0.07

    The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers…

  • CVE-2017-16562 | Critical | Nov 10, 2017
    risk 0.69 | cvss 9.8 | epss 0.27

    The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the up_auto_log parameter in the QUERY_STRING to the default URI.

  • CVE-2024-35700 | Critical | Jun 4, 2024
    risk 0.64 | cvss 9.8 | epss 0.00

    Incorrect Privilege Assignment vulnerability in DeluxeThemes Userpro userpro. This issue affects Userpro: from n/a through <= 5.1.8.

  • CVE-2023-2449 | Critical | Nov 22, 2023
    risk 0.64 | cvss 9.8 | epss 0.01

    The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (userpro_process_form). The…

  • CVE-2023-6009 | High | Nov 22, 2023
    risk 0.57 | cvss 8.8 | epss 0.01

    The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the 'userpro_update_user_profile' function. This makes it possible for authenticated attackers, with minimal permissions such as a…

  • CVE-2023-2497 | High | Nov 22, 2023
    risk 0.57 | cvss 8.8 | epss 0.00

    The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'import_settings' function. This makes it possible for unauthenticated attackers to exploit PHP…

  • CVE-2023-2440 | High | Nov 22, 2023
    risk 0.57 | cvss 8.8 | epss 0.00

    The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing nonce validation in the 'admin_page', 'userpro_verify_user' and 'verifyUnverifyAllUsers' functions. This makes it possible for…

  • CVE-2025-68608 | High | Dec 24, 2025
    risk 0.49 | cvss 7.5 | epss 0.00

    Missing Authorization vulnerability in DeluxeThemes Userpro userpro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Userpro: from n/a through <= 5.1.9.

  • CVE-2023-6007 | High | Nov 22, 2023
    risk 0.47 | cvss 7.3 | epss 0.00

    The UserPro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to add,…

  • CVE-2023-2448 | Medium | Nov 22, 2023
    risk 0.42 | cvss 6.5 | epss 0.01

    The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userpro_shortcode_template' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to arbitrary shortcode…

  • CVE-2023-2446 | Medium | Nov 22, 2023
    risk 0.42 | cvss 6.5 | epss 0.01

    The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it…

  • CVE-2023-6008 | Medium | Nov 22, 2023
    risk 0.41 | cvss 6.3 | epss 0.00

    The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or delete user…

  • CVE-2023-2438 | Medium | Nov 22, 2023
    risk 0.40 | cvss 6.1 | epss 0.00

    The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'userpro_save_userdata' function. This makes it possible for unauthenticated attackers to update the…

  • CVE-2023-2447 | Medium | Nov 22, 2023
    risk 0.40 | cvss 6.1 | epss 0.00

    The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on the 'export_users' function. This makes it possible for unauthenticated attackers to export the users to…

  • CVE-2025-4187 | Medium | Jun 14, 2025
    risk 0.38 | cvss 5.9 | epss 0.01

    The UserPro - Community and User Profile WordPress Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 5.1.10 via the userpro_fbconnect() function. This makes it possible for unauthenticated attackers to read the contents of…

  • CVE-2024-0701 | Medium | Feb 5, 2024
    risk 0.34 | cvss 5.3 | epss 0.01

    The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings. This makes it…

  • CVE-2025-53444 | Medium | Apr 15, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in DeluxeThemes Userpro userpro allows Cross Site Request Forgery. This issue affects Userpro: from n/a through < 5.1.11.

  • CVE-2024-12822 | Jan 30, 2025
    risk 0.00 | cvss (none listed) | epss 0.01

    The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the add_capto_img() function in all versions up to, and including, 3.11.0. This makes it possible for…