Description
WordPress Plugin UserPro-Community and User Profile is prone to multiple vulnerabilities, including security bypass, privilege escalation, information disclosure and cross-site request forgery. An attacker may leverage these issues to perform otherwise restricted actions and subsequently log in as any existing user on the site, provided they know the user's email address; to bypass the expected capabilities check and perform otherwise restricted actions; to obtain sensitive information that may help in launching further attacks; or to perform certain administrative actions and gain unauthorized access to the affected application. WordPress Plugin UserPro-Community and User Profile version 5.1.1 is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 5.1.2 or the latest version.