CVE-2023-2437 – UserPro <= 5.1.1 - Authentication Bypass to Administrator
https://notcve.org/view.php?id=CVE-2023-2437
WordPress UserPro plugin versions 5.1.1 and below suffer from an insecure password reset mechanism, information disclosure, and authentication bypass vulnerabilities. • https://github.com/RxRCoder/CVE-2023-2437 http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681 https://www.wordfence.com/threat-intel/vulnerabilities/id/b3cf9f38-c20e-40dc-a7a1-65b0c6ba7925?source=cve • CWE-287: Improper Authentication; CWE-288: Authentication Bypass Using an Alternate Path or Channel
CVE-2023-6009 – UserPro <= 5.1.4 - Authenticated (Subscriber+) Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-6009
WordPress UserPro plugin versions 5.1.1 and below suffer from an insecure password reset mechanism, information disclosure, and authentication bypass vulnerabilities. • http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681 https://www.wordfence.com/threat-intel/vulnerabilities/id/e8bed9c0-dae3-405e-a946-5f28a3c30851?source=cve • CWE-266: Incorrect Privilege Assignment
CVE-2023-6065 – Quttera Web Malware Scanner < 3.4.2.1 - Directory Listing to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-6065
This makes it possible for unauthenticated attackers to extract sensitive data. • https://drive.google.com/file/d/1w83xWsVLS_gCpQy4LDwbjNK9JaB87EEf/view?usp=sharing https://wpscan.com/vulnerability/64f2557f-c5e4-4779-9e28-911dfaf2dda5 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-2446 – UserPro <= 5.1.1 - Sensitive Information Disclosure via Shortcode
https://notcve.org/view.php?id=CVE-2023-2446
The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including, 5.1.1. ... WordPress UserPro plugin versions 5.1.1 and below suffer from an insecure password reset mechanism, information disclosure, and authentication bypass vulnerabilities. • http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681 https://www.wordfence.com/threat-intel/vulnerabilities/id/4072ba5f-6385-4fa3-85b6-89dac7b60a92?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-36013 – PowerShell Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-36013
PowerShell Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36013 • CWE-668: Exposure of Resource to Wrong Sphere; CWE-798: Use of Hard-coded Credentials