CVE-2023-2448
Published 2023-11-22 · CVE-2023-2448: The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userpro_shortcode_template' function in…
Priority: P429 · Severity: medium · CVSS 3.1 base score: 5.3
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.90% (55.3rd percentile)
The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userpro_shortcode_template' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. An attacker can leverage CVE-2023-2446 to get sensitive information via shortcode.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| userproplugin | userpro | <= 5.1.1 | — |
| userproplugin | userpro | <= 5.1.4 | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| VulnCheck | — | 9.8 | CRITICAL | — |
VulDB
UserPro Plugin up to 5.1.4 on WordPress Shortcode userpro_shortcode_template authorization (ID 175871)
vuldb · 2026-04-11 · CVSS 6.5
CVE-2023-2448 [MEDIUM] UserPro Plugin up to 5.1.4 on WordPress Shortcode userpro_shortcode_template authorization (ID 175871)
A vulnerability classified as critical has been found in UserPro Plugin up to 5.1.4 on WordPress. The impacted element is the function userpro_shortcode_template of the component Shortcode Handler. This manipulation causes missing authorization.
This vulnerability appears as CVE-2023-2448. The attack may be initiated remotely. There is no available exploit.
GHSA
GHSA-w6q9-w8cf-jw9p: The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5
ghsa_unreviewed · 2023-11-22 · CVSS 6.5
CVE-2023-2437 [MEDIUM] CWE-287 GHSA-w6q9-w8cf-jw9p: The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5
The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. An attacker can leverage CVE-2023-2448 and CVE-2023-2446 to get the user's email address to successfully exploit this vulnerability.
GHSA
GHSA-3vmr-c5f4-vpxf: The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5
ghsa_unreviewed · 2023-11-22 · CVSS 6.5
CVE-2023-2449 [MEDIUM] CWE-620 GHSA-3vmr-c5f4-vpxf: The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5
The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including, 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (userpro_process_form). The function uses the plaintext value of a password reset key instead of a hashed value, which means it can easily be retrieved and subsequently used. An attacker can leverage CVE-2023-2448 and CVE-2023-2446, or another vulnerability like SQL Injection in another plugin or theme installed on the site, to successfully exploit this vulnerability.
GHSA
GHSA-7h5h-qg5p-jjpf: The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userpro_shortcode_template' fu
ghsa_unreviewed · 2023-11-22 · CVSS 6.5
CVE-2023-2448 [MEDIUM] CWE-862 GHSA-7h5h-qg5p-jjpf: The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userpro_shortcode_template' fu
The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userpro_shortcode_template' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. An attacker can leverage CVE-2023-2446 to get sensitive information via shortcode.
VulnCheck
userproplugin userpro Authentication Bypass Using an Alternate Path or Channel
vulncheck · 2023 · CVSS 9.8
CVE-2023-2437 [CRITICAL] userproplugin userpro Authentication Bypass Using an Alternate Path or Channel
The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. An attacker can leverage CVE-2023-2448 and CVE-2023-2446 to get the user's email address to successfully exploit this vulnerability.
Affected: userproplugin userpro
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation R
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References:
https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681
https://www.wordfence.com/threat-intel/vulnerabilities/id/7cbe9175-4a6f-4eb6-8d31-9a9fda9b4f40?source=cve
http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html
Published: 2023-11-22