Description

WordPress Plugin UserPro-Community and User Profile is prone to multiple vulnerabilities, including security bypass, privilege escalation, information disclosure or cross-site request forgery vulnerabilities. An attacker may leverage these issues to perform otherwise restricted actions and subsequently log in as any existing user on the site, given they know the user�s email address, to bypass the expected capabilities check and perform otherwise restricted actions, to obtain sensitive information that may help in launching further attacks, or to perform certain administrative actions and gain unauthorized access to the affected application. WordPress Plugin UserPro-Community and User Profile version 5.1.1 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 5.1.2 or latest

References

https://www.wordfence.com/blog/2023/11/several-critical-vulnerabilities-including-privilege-escalation-authentication-bypass-and-more-patched-in-userpro-wordpress-plugin/

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/userpro/userpro-511-cross-site-request-forgery-to-sensitive-information-exposure

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/userpro/userpro-511-missing-authorization-via-multiple-functions

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/userpro/userpro-511-cross-site-request-forgery-to-privilege-escalation

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/userpro/userpro-511-cross-site-request-forgery-via-multiple-functions

https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681#item-description__updates

Related Vulnerabilities

Restlet Framework Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-14868)

Oracle JRE CVE-2013-2448 Vulnerability (CVE-2013-2448)

WordPress 4.0.x Arbitrary File Deletion Vulnerability (4.0 - 4.0.23)

WordPress Plugin Companion Sitemap Generator Cross-Site Request Forgery (3.6.6)

WordPress Plugin Contact Form Builder-a plugin for creating contact and feedback forms Multiple SQL Injection Vulnerabilities (1.0.24)

Severity

High

Classification

CVE-2023-2437 CVE-2023-2440 CVE-2023-2446 CVE-2023-2447 CVE-2023-2449 CVE-2023-6007 CVE-2023-6008 CWE-200 CWE-269 CWE-345 CWE-352 CWE-862 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update