CVE-2023-2446
Published 2023-11-22
Priority: P277 · medium · 6.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:N
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 0.85% (53.5th percentile)
The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including, 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to retrieve sensitive user meta that can be used to gain access to a high-privileged user account.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| userproplugin | userpro | < 5.1.2 | 5.1.2 |
| userproplugin | userpro | <= 5.1.1 | — |
| userproplugin | userpro | <= 5.1.4 | — |
CVSS provenance
nvd · v3.1 · 6.5 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vulncheck · 9.8 CRITICAL
VulDB
vuldb · 2026-04-11 · CVSS 6.5
CVE-2023-2446 [MEDIUM] UserPro Plugin up to 5.1.1 on WordPress Shortcode information disclosure (ID 175871)
A vulnerability described as problematic has been identified in UserPro Plugin up to 5.1.1 on WordPress. The affected element is an unknown function of the component Shortcode Handler. The manipulation results in information disclosure.
This vulnerability is reported as CVE-2023-2446. The attack can be launched remotely. No exploit exists.
GHSA
ghsa_unreviewed · 2023-11-22 · CVSS 6.5
CVE-2023-2437 [MEDIUM] CWE-287 · GHSA-w6q9-w8cf-jw9p
The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. An attacker can leverage CVE-2023-2448 and CVE-2023-2446 to get the user's email address to successfully exploit this vulnerability.
GHSA
ghsa_unreviewed · 2023-11-22
CVE-2023-2446 [MEDIUM] CWE-200 · GHSA-g86m-gmqj-jhhp
The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including, 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to retrieve sensitive user meta that can be used to gain access to a high-privileged user account.
GHSA
ghsa_unreviewed · 2023-11-22 · CVSS 6.5
CVE-2023-2449 [MEDIUM] CWE-620 · GHSA-3vmr-c5f4-vpxf
The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including, 5.1.1. This is due to the plugin using native password reset functionality with insufficient validation in the password reset function (userpro_process_form). The function uses the plaintext value of a password reset key instead of a hashed value, which means it can easily be retrieved and subsequently used. An attacker can leverage CVE-2023-2448 and CVE-2023-2446, or another vulnerability such as SQL injection in another plugin or theme installed on the site, to successfully exploit this vulnerability.
GHSA
ghsa_unreviewed · 2023-11-22 · CVSS 6.5
CVE-2023-2448 [MEDIUM] CWE-862 · GHSA-7h5h-qg5p-jjpf
The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userpro_shortcode_template' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to perform arbitrary shortcode execution. An attacker can leverage CVE-2023-2446 to get sensitive information via shortcode.
VulnCheck
vulncheck · 2023 · CVSS 6.5
CVE-2023-2446 [MEDIUM] UserPro plugin for WordPress userpro shortcut Vulnerability
The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including, 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to retrieve sensitive user meta that can be used to gain access to a high-privileged user account.
Affected: userproplugin userpro
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-pl
VulnCheck
vulncheck · 2023 · CVSS 9.8
CVE-2023-2437 [CRITICAL] userproplugin userpro Authentication Bypass Using an Alternate Path or Channel
The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. An attacker can leverage CVE-2023-2448 and CVE-2023-2446 to get the user's email address to successfully exploit this vulnerability.
Affected: userproplugin userpro
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References:
- https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681
- https://www.wordfence.com/threat-intel/vulnerabilities/id/4072ba5f-6385-4fa3-85b6-89dac7b60a92?source=cve
- http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html
Timeline:
- 2023-11-22: Published
- Exploited in the wild