Description

WordPress Plugin UserPro-Community and User Profile is prone to multiple vulnerabilities, including security bypass, privilege escalation, information disclosure or cross-site request forgery vulnerabilities. An attacker may leverage these issues to perform otherwise restricted actions and subsequently log in as any existing user on the site, given they know the user�s email address, to bypass the expected capabilities check and perform otherwise restricted actions, to obtain sensitive information that may help in launching further attacks, or to perform certain administrative actions and gain unauthorized access to the affected application. WordPress Plugin UserPro-Community and User Profile version 5.1.1 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 5.1.2 or latest

References

Related Vulnerabilities