CVE-2023-2437
Published 2023-11-22
Priority: P1 (81) · high · CVSS 3.1 base score 8.1
CVSS vector: AV:N / AC:H / PR:N / UI:N / S:U / C:H / I:H / A:H
Tags: ITW · Exploit · VulnCheck KEV · Initial access
Exploited in the wild
EPSS: 6.80% (93.2nd percentile)
The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification of the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, provided they know the target account's email address. An attacker can leverage CVE-2023-2448 and CVE-2023-2446 to obtain that email address and then exploit this vulnerability.
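A minimal model of the bug class the description names (the account to log in is chosen from an email the client supplied, rather than from the provider's verification of the access token), shown beside a hardened handler. This is an added example and not UserPro's code; the page does not show the plugin's actual Facebook login logic. The user table, the stand-in token table, and the function names are constructed for illustration.

```python
import hmac
import secrets

# Constructed site data for the illustration (hypothetical accounts).
# Accounts are keyed by the provider's stable user ID, not by email.
USERS = {
    "fb:10001": {"id": 1, "email": "admin@example.com", "role": "administrator"},
    "fb:10002": {"id": 2, "email": "alice@example.com", "role": "subscriber"},
}
BY_EMAIL = {u["email"]: u for u in USERS.values()}

# Stand-in for the identity provider's server-side token check (the real
# call goes to Facebook's API; here it is a constructed lookup table).
IDP_TOKENS = {
    "tok-alice": {"fb_id": "10002", "email": "alice@example.com"},
}


def issue_session(user):
    """Mint an opaque session for an authenticated user (constructed)."""
    return {"user_id": user["id"], "role": user["role"],
            "session": secrets.token_hex(16)}


def vulnerable_social_login(request):
    """Models the bug class: the account is selected from an email the
    client itself supplied, and nothing ties that email to a token the
    provider actually issued. Knowing a victim's email is enough to
    obtain their session."""
    user = BY_EMAIL.get(request.get("email", ""))
    return issue_session(user) if user else None


def hardened_social_login(request):
    """Identity comes only from the provider's verification of the access
    token; the client-supplied email is ignored, and the account is
    matched on the stored provider ID (emails can be reassigned or be
    unverified at the provider)."""
    ident = IDP_TOKENS.get(request.get("access_token", ""))
    if ident is None:
        return None
    for key, user in USERS.items():
        if hmac.compare_digest(key, "fb:" + ident["fb_id"]):
            return issue_session(user)
    return None  # valid provider identity but no linked local account


if __name__ == "__main__":
    attacker = {"email": "admin@example.com", "access_token": "not-a-real-token"}
    print("vulnerable:", vulnerable_social_login(attacker))  # administrator session
    print("hardened:  ", hardened_social_login(attacker))    # None
```

The hardened path also refuses a valid provider identity that has no linked local account, which is the safe default for a social-login handler: auto-provisioning or auto-linking by email is how "log in as any existing user" bugs reappear after the obvious fix.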
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| userproplugin | userpro | <= 5.1.1 | not recorded on this page |
Detection & IOCs (extracted from sources)
- cookie: wordpress_logged_in
- cookie: wordpress_sec_
- Detect authentication bypass attempts against the UserPro plugin (<= 5.1.1) by monitoring for WordPress session cookies (wordpress_logged_in, wordpress_sec_) being set in response headers following a Facebook login flow request to the plugin endpoint: an unauthenticated request that yields HTTP 200 together with these Set-Cookie headers is indicative of exploitation.
- Exploitation of CVE-2023-2437 is chained with CVE-2023-2448 and CVE-2023-2446 to first enumerate a target user's email address before triggering the bypass; monitor for sequential exploitation of all three CVEs from the same source IP.
- The Nuclei template indexed below checks for wordpress_logged_in or wordpress_sec_ in response headers together with HTTP 200; on its own that condition also matches any legitimate WordPress login, so scope the rule to the UserPro Facebook login endpoint and to requests that carry no session cookie. Set-Cookie response headers are not part of default web-server access logs, so this detection needs reverse-proxy, WAF or full-response logging.
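The detection rule and the chaining caveat above, turned into runnable logic over constructed log records. This is an added example, not code from the page or from the Nuclei template. The endpoint patterns FB_LOGIN and PRECURSORS are placeholders: the page does not give the real UserPro request paths, so they must be replaced with the ones from the template or the plugin source. The record format and the sample records are constructed for this example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# ASSUMED request shapes (hypothetical): the page does not show the real
# UserPro endpoint paths, so these regexes are placeholders to be replaced
# with the ones from the Nuclei template or plugin source before use.
FB_LOGIN = re.compile(r"userpro[^ ]*(facebook|fb_login)", re.I)
PRECURSORS = {
    "CVE-2023-2448": re.compile(r"userpro[^ ]*email", re.I),
    "CVE-2023-2446": re.compile(r"userpro[^ ]*profile", re.I),
}
WP_SESSION = re.compile(r"\b(wordpress_logged_in|wordpress_sec_)")
CHAIN_WINDOW = 600  # seconds to look back for enumeration precursors


@dataclass
class Event:
    ts: int          # epoch seconds
    src_ip: str
    path: str        # request path + query
    status: int
    req_cookie: str  # request Cookie header, "" if none
    set_cookie: str  # response Set-Cookie header(s), "" if none


def parse_line(line: str) -> Event:
    """Parse one record in the constructed 'ts|ip|path|status|cookie|set-cookie' form."""
    ts, ip, path, status, req_c, set_c = line.rstrip("\n").split("|", 5)
    return Event(int(ts), ip, path, int(status), req_c, set_c)


def is_bypass(ev: Event) -> bool:
    """Unauthenticated hit on the Facebook-login handler that returns 200
    and mints a WordPress session cookie. Scoping to the plugin endpoint
    and to cookie-less requests is what keeps ordinary wp-login.php
    logins from firing this rule."""
    return (ev.status == 200
            and FB_LOGIN.search(ev.path) is not None
            and WP_SESSION.search(ev.req_cookie) is None
            and WP_SESSION.search(ev.set_cookie) is not None)


def precursor_tags(ev: Event):
    """CVE tags whose (assumed) enumeration request shape this event matches."""
    return {cve for cve, rx in PRECURSORS.items() if rx.search(ev.path)}


def analyze(lines):
    """Return (bypass_alerts, chain_alerts); each alert is (src_ip, ts).
    A chain alert is a bypass preceded, from the same IP within
    CHAIN_WINDOW seconds, by hits matching both enumeration CVEs."""
    events = sorted((parse_line(ln) for ln in lines if ln.strip()), key=lambda e: e.ts)
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev.src_ip].append(ev)
    bypasses, chains = [], []
    for ev in events:
        if not is_bypass(ev):
            continue
        bypasses.append((ev.src_ip, ev.ts))
        seen = set()
        for prior in by_ip[ev.src_ip]:
            if ev.ts - CHAIN_WINDOW <= prior.ts < ev.ts:
                seen |= precursor_tags(prior)
        if seen == set(PRECURSORS):
            chains.append((ev.src_ip, ev.ts))
    return bypasses, chains


# Constructed sample records (not real traffic); fields as in parse_line.
SAMPLE_LOG = """\
100|203.0.113.5|/wp-login.php|200||wordpress_logged_in_9f=...; wordpress_sec_9f=...
110|203.0.113.9|/?userpro=email_lookup&id=1|200||
112|203.0.113.9|/?userpro=profile&id=1|200||
120|203.0.113.9|/?userpro=fb_login&state=x|200||wordpress_logged_in_9f=...; wordpress_sec_9f=...
130|198.51.100.7|/?userpro=fb_login|200|wordpress_logged_in_9f=...|wordpress_logged_in_9f=...
140|198.51.100.8|/?userpro=fb_login|403||
""".splitlines()

if __name__ == "__main__":
    b, c = analyze(SAMPLE_LOG)
    print("bypass alerts:", b)  # only 203.0.113.9 at t=120
    print("chain alerts: ", c)  # the same event, preceded by both enumeration hits
```

The first record (a normal wp-login.php login that also sets both cookies) is the false positive the source bullet warns about and is not flagged; the fifth is an already-authenticated client and the sixth a rejected request, so neither fires. Adapt parse_line to your proxy's schema; the four conditions in is_bypass are the ones the bullets describe.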
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| NVD (v3.1) | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| VulnCheck | 9.8 | CRITICAL | not shown on this page |
NVD's 8.1 carries AC:H, consistent with the attacker needing the target's email address first (hence the chaining with CVE-2023-2448 and CVE-2023-2446); VulnCheck and VulDB score it 9.8 CRITICAL and GHSA's unreviewed entry 6.5 MEDIUM. For triage the higher rating is the safer reading: the bypass is unauthenticated, exploited in the wild, and yields administrator sessions.
VulDB
UserPro Plugin up to 5.1.1 on WordPress improper authentication (VulDB ID 175871) · vuldb · 2026-04-11 · CVSS 9.8 CRITICAL
A vulnerability was found in UserPro Plugin up to 5.1.1 on WordPress and classified as critical. Affected by this issue is some unknown functionality. The manipulation results in improper authentication. This vulnerability was named CVE-2023-2437. The attack may be performed from remote. There is no available exploit.
GHSA
GHSA-w6q9-w8cf-jw9p · ghsa_unreviewed · 2023-11-22 · CVSS 6.5 MEDIUM · CWE-287
CVE-2023-2437 [MEDIUM]: description identical to the NVD text above (authentication bypass in UserPro <= 5.1.1 via the plugin's Facebook login).
VulnCheck
userproplugin userpro Authentication Bypass Using an Alternate Path or Channel · vulncheck · 2023 · CVSS 9.8 CRITICAL
CVE-2023-2437 [CRITICAL]: description identical to the NVD text above.
Affected: userproplugin userpro
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation R
No detection rules found.
Nuclei
UserPro <= 5.1.1 - Authentication Bypass · nuclei · CVSS 8.1 · CVE-2023-2437 [HIGH]
Only the tail of the template's matcher section survives on this page; the request definition and the start of the first matcher are cut off:

```yaml
        ... UserPro "
        condition: or
      - type: word
        part: header
        words:
          - "wordpress_logged_in"
          - "wordpress_sec_"
        condition: or
      - type: status
        status:
          - 200
# digest: 4a0a00473045022100c3ffec7ff17ed4bcf15668a01a754a65cd0e2a8b404c4200e68ff4a994f7d6a202203c0a7f3951f94dcc9a1071e7cc7f4f80295bd524e12f8ab800ece695d09605a1:922c64590222798bb761d5b6d8e72950
```
No writeups or analysis indexed.
References
- https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681
- https://www.wordfence.com/threat-intel/vulnerabilities/id/b3cf9f38-c20e-40dc-a7a1-65b0c6ba7925?source=cve
- http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html