CVE-2023-6007
published 2023-11-22
CVE-2023-6007: The UserPro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple…
Priority P3 36 medium 6.5 CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:L / A:N
EPSS
0.35%
26.8th percentile
The UserPro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin options.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| userproplugin | userpro | <= 5.1.1 | — |
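CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
| osv | | 5.5 | MEDIUM | |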
GHSA
GHSA-v5jp-594g-37v3: The UserPro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on
ghsa_unreviewed·2023-11-22
CVE-2023-6007 [HIGH] CWE-862 GHSA-v5jp-594g-37v3: The UserPro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on
OSV
linux-azure vulnerabilities
osv·2023-03-27·CVSS 5.5
Updated on 2023-04-11:
Please note that when USN 5975-1 was originally published, it incorrectly
included the linux-gcp kernel for Ubuntu 16.04 ESM. References to that
kernel have been removed from this USN and the correct information for it
has been published in USN 6007-1.
Original advisory details:
It was discovered that the Upper Level Protocol (ULP) subsystem in the
Linux kernel did not properly handle sockets entering the LISTEN state in
certain protocols, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-0461)
It was discovered that the System V IPC implementation in the Linux kernel
did not properly handle large shared memory counts. A l
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681
https://www.wordfence.com/threat-intel/vulnerabilities/id/6c4f8798-c0f9-4d05-808e-375864a0ad95?source=cve
2023-11-22
Published