Lucene search
WpvulndbWPVDB-ID:A24A6B58-95EE-434A-A7D1-FB2CF820F0DFHistoryNov 23, 2023 - 12:00 a.m.
UserPro < 5.1.5 - Missing Authorization to Arbitrary Shortcode Execution via userpro_shortcode_template
2023-11-2300:00:00
wpscan.com
5
userpro
wordpress
vulnerability
missing authorization
arbitrary shortcode execution
cve-2023-2446
data access
Description The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘userpro_shortcode_template’ function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to arbitrary shortcode execution. An attacker can leverage CVE-2023-2446 to get sensitive information via shortcode.
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 5.1.5 |
Related
prion
prion
Design/Logic Flaw
2023-11-22 16:15:00
Sql injection
2023-11-22 16:15:00
Authentication flaw
2023-11-22 16:15:00
cvelist
cvelist
nvd
nvd
cve
cve
wpvulndb
wpvulndb
UserPro < 5.1.2 - Authentication Bypass to Administrator
2023-11-23 00:00:00
UserPro < 5.1.2 - Insecure Password Reset Mechanism
2023-11-23 00:00:00
UserPro < 5.1.2 - Sensitive Information Disclosure via Shortcode
2023-11-23 00:00:00
wordfence
wordfence
packetstorm
packetstorm
WordPress UserPro 5.1.x Password Reset / Authentication Bypass / Escalation
2023-11-22 00:00:00
zdt
zdt
6.8 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
51.7%
Related for WPVDB-ID:A24A6B58-95EE-434A-A7D1-FB2CF820F0DF