CVE-2023-6009 – UserPro <= 5.1.4 - Authenticated (Subscriber+) Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-6009
The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the 'userpro_update_user_profile' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_capabilities' parameter during a profile update. El complemento UserPro para WordPress es vulnerable a la escalada de privilegios en versiones hasta la 5.1.4 incluida debido a una restricción insuficiente en la función 'userpro_update_user_profile'. Esto hace posible que atacantes autenticados, con permisos mínimos, como un suscriptor, modifiquen su rol de usuario proporcionando el parámetro 'wp_capabilities' durante una actualización de perfil. WordPress UserPro plugin versions 5.1.1 and below suffer from an insecure password reset mechanism, information disclosure, and authentication bypass vulnerabilities. • http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681 https://www.wordfence.com/threat-intel/vulnerabilities/id/e8bed9c0-dae3-405e-a946-5f28a3c30851?source=cve • CWE-266: Incorrect Privilege Assignment •
CVE-2023-2446 – UserPro <= 5.1.1 - Sensitive Information Disclosure via Shortcode
https://notcve.org/view.php?id=CVE-2023-2446
The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for authenticated attackers, with subscriber-level permissions, and above to retrieve sensitive user meta that can be used to gain access to a high privileged user account. El complemento UserPro para WordPress es vulnerable a la divulgación de información confidencial a través del código corto 'userpro' en versiones hasta la 5.1.1 incluida. Esto se debe a una restricción insuficiente de los metavalores sensibles del usuario que se pueden invocar a través de ese código abreviado. • http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681 https://www.wordfence.com/threat-intel/vulnerabilities/id/4072ba5f-6385-4fa3-85b6-89dac7b60a92?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-6007 – UserPro <= 5.1.1 - Missing Authorization via multiple functions
https://notcve.org/view.php?id=CVE-2023-6007
The UserPro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin options. El complemento UserPro para WordPress es vulnerable al acceso no autorizado a datos, modificación de datos, pérdida de datos debido a una falta de verificación de capacidad en múltiples funciones en todas las versiones hasta la 5.1.1 incluida. Esto hace posible que atacantes no autenticados agreguen, modifiquen o eliminen metaopciones y complementos del usuario. • https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681 https://www.wordfence.com/threat-intel/vulnerabilities/id/6c4f8798-c0f9-4d05-808e-375864a0ad95?source=cve • CWE-862: Missing Authorization •
CVE-2023-2497 – UserPro <= 5.1.0 - Cross-Site Request Forgery to PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-2497
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'import_settings' function. This makes it possible for unauthenticated attackers to exploit PHP Object Injection due to the use of unserialize() on the user supplied parameter via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. El complemento UserPro para WordPress es vulnerable a la Cross-Site Request Forgery en versiones hasta la 5.1.0 incluida. Esto se debe a una validación nonce faltante o incorrecta en la función 'import_settings'. • https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681 https://www.wordfence.com/threat-intel/vulnerabilities/id/fbb601ce-a884-4894-af13-dab14885c7eb?source=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2018-16285 – UserPro <= 4.9.23 - Unauthenticated Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-16285
The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userpro_shortcode_template action to wp-admin/admin-ajax.php. El plugin UserPro hasta la versión 4.9.23 para WordPress permite Cross-Site Scripting (XSS) mediante el parámetro shortcode en una acción userpro_shortcode_template en wp-admin/admin-ajax.php. • https://risataim.blogspot.com/2018/09/xss-en-plugin-userpro-de-wordpress.html https://wpvulndb.com/vulnerabilities/9124 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •