Every CVE whose affected-product data names Userproplugin Userpro, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2017-16562 — CVSS 9.8 (critical): The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass…
CVE-2023-2437 — CVSS 9.8 (critical): The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to…
CVE-2023-2449 — CVSS 9.8 (critical): The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the…
CVE-2024-35700 — CVSS 9.8 (critical): Incorrect Privilege Assignment vulnerability in DeluxeThemes Userpro userpro.This issue affects Userpro: from n/a through <= 5.1.8.
CVE-2023-2497 — CVSS 8.8 (high): The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to…
CVE-2023-2440 — CVSS 8.8 (high): The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to…
CVE-2023-6009 — CVSS 8.8 (high): The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient…
CVE-2023-6007 — CVSS 7.3 (high): The UserPro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing…
CVE-2023-2446 — CVSS 6.5 (medium): The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and…
CVE-2023-2448 — CVSS 6.5 (medium): The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the…
CVE-2023-2439 — CVSS 6.4 (medium): The UserPro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userpro' shortcode in versions up to, and including…
CVE-2023-6008 — CVSS 6.3 (medium): The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to…
CVE-2018-16285 — CVSS 6.1 (medium): The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userpro_shortcode_template action to…
CVE-2023-2447 — CVSS 6.1 (medium): The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to…
CVE-2023-2438 — CVSS 6.1 (medium): The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to…
CVE-2024-0701 — CVSS 5.3 (medium): The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due to the…