Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

UserPro - Community and User Profile WordPress Plugin — Vulnerabilities & Security Advisories 14

All 14 CVE vulnerabilities found in UserPro - Community and User Profile WordPress Plugin, with AI-generated Chinese analysis, references, and POCs.

This page documents known security vulnerabilities associated with the UserPro plugin, a popular WordPress tool for creating community and user profile systems, categorized under common weakness types such as cross-site scripting or improper access control. It aggregates vulnerability data sourced from official vendor advisories, security researcher reports, and public databases, covering incidents reported from the plugin’s initial release through the most recent patches issued to date. Visitors can use this resource to track the evolution of security issues specific to this vendor, understand the prevalence and impact of particular weakness classes within WordPress ecosystems, and review a comprehensive history of vulnerabilities affecting UserPro to assess their current risk posture. By consolidating these disparate sources into a single view, the page provides context on how often this product has been targeted and the nature of the flaws discovered. This information is essential for site administrators, developers, and security professionals who need to evaluate the reliability of the software, verify that specific known issues have been remediated in their installed version, or compare the security track record against alternative solutions. The content is strictly informational and does not include diagnostic tools or real-time scanning capabilities, but rather serves as a historical record of disclosed security events. Users are encouraged to cross-reference this data with the latest official documentation and patch notes to ensure their installations remain secure against the most recent threats identified in the wild.

Vendor: n/a

CVE IDTitleCVSSSeverityPublished
CVE-2025-4187 UserPro - Community and User Profile WordPress Plugin <= 5.1.10 - Unauthenticated Arbitrary File Read CWE-22 5.9 Medium2025-06-14
CVE-2024-0701 UserPro <= 5.1.6 - Disabled Membership Registration Bypass CWE-602 5.3 Medium2024-02-05
CVE-2023-2439 WordPress plugin UserPro 安全漏洞 6.4 Medium2024-01-31
CVE-2023-2497 UserPro <= 5.1.0 - Cross-Site Request Forgery to PHP Object Injection CWE-352 8.8 High2023-11-22
CVE-2023-6008 UserPro <= 5.1.1 - Cross-Site Request Forgery via multiple functions CWE-352 6.3 Medium2023-11-22
CVE-2023-6009 UserPro <= 5.1.4 - Authenticated (Subscriber+) Privilege Escalation CWE-266 8.8 High2023-11-22
CVE-2023-2449 UserPro <= 5.1.1 - Insecure Password Reset Mechanism CWE-620 9.8 Critical2023-11-22
CVE-2023-2437 UserPro <= 5.1.1 - Authentication Bypass to Administrator CWE-288 9.8 Critical2023-11-22
CVE-2023-2438 UserPro <= 5.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via userpro_save_userdata CWE-352 6.1 Medium2023-11-22
CVE-2023-2448 UserPro <= 5.1.4 - Missing Authorization to Arbitrary Shortcode Execution via userpro_shortcode_template CWE-862 6.5 Medium2023-11-22
CVE-2023-2440 UserPro <= 5.1.1 - Cross-Site Request Forgery to Privilege Escalation CWE-352 8.8 High2023-11-22
CVE-2023-6007 UserPro <= 5.1.1 - Missing Authorization via multiple functions CWE-862 7.3 High2023-11-22
CVE-2023-2446 UserPro <= 5.1.1 - Sensitive Information Disclosure via Shortcode CWE-200 6.5 Medium2023-11-22
CVE-2023-2447 UserPro <= 5.1.1 - Cross-Site Request Forgery to Sensitive Information Exposure CWE-352 6.1 Medium2023-11-22

All 14 known CVE vulnerabilities affecting UserPro - Community and User Profile WordPress Plugin with full Chinese analysis, references, and POCs where available.