Showing 1 - 1 of 1

CVE-2023-6009

Status Candidate

Overview

The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the 'userpro_update_user_profile' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_capabilities' parameter during a profile update.

Related Files

WordPress UserPro 5.1.x Password Reset / Authentication Bypass / Escalation: Posted Nov 22, 2023; Authored by Istvan Marton | Site wordfence.com; WordPress UserPro plugin versions 5.1.1 and below suffer from an insecure password reset mechanism, information disclosure, and authentication bypass vulnerabilities. Versions 5.1.4 and below suffer from privilege escalation and shortcode execution vulnerabilities.; tags | exploit, vulnerability, code execution, bypass, info disclosure; advisories | CVE-2023-2437, CVE-2023-2446, CVE-2023-2448, CVE-2023-2449, CVE-2023-6009; SHA-256 | bfb7306b803b1acac19078db2972f3aa4724b44e3c44892d41946574771b0eda; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 252 files
Ubuntu 56 files
Gentoo 33 files
Debian 23 files
Apple 9 files
malvuln 7 files
Jann Horn 4 files
nu11secur1ty 4 files
Google Security Research 4 files
Ahmet Umit Bayram 4 files

File Archives

Systems

AIX (429)
Apple (2,088)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,048)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,500)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,846)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,952)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,535)
UNIX (9,409)
UnixWare (187)
Windows (6,660)
Other

CVE-2023-6009

Overview

Related Files

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems