Userpro
EPC
Developer
N/A
Latest version
N/A
Installations
N/A
Last updated
Vulnerability history
5 present
17 fixed
9 Mitigation rules
- Unauthenticated Arbitrary File Read vulnerability<= 5.1.10Jun 14, 2025
- Local File Inclusion vulnerability<= 5.1.9Dec 19, 2024
- SQL Injection vulnerability<= 5.1.9Dec 19, 2024
- Reflected Cross Site Scripting (XSS) vulnerability<= 5.1.9Dec 19, 2024
- Authenticated Arbitrary User Meta Update vulnerability<= 5.1.9Dec 19, 2024
- Unauthenticated Account Takeover vulnerability<= 5.1.8May 21, 2024
- Disabled Membership Registration Bypass vulnerability<= 5.1.6Feb 2, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability5.1.5Feb 1, 2024
- Cross-Site Request Forgery via multiple functions vulnerability<= 5.1.1Nov 22, 2023
- Cross-Site Request Forgery to PHP Object Injection vulnerability<= 5.1.0Nov 22, 2023
- Missing Authorization via multiple functions vulnerability<= 5.1.1Nov 21, 2023
- Cross-Site Request Forgery to Privilege Escalation vulnerability<= 5.1.1Nov 21, 2023
- Cross-Site Request Forgery to Sensitive Information Exposure vulnerability<= 5.1.1Nov 21, 2023
- Cross-Site Request Forgery to Stored Cross-Site Scripting via userpro_save_userdata vulnerability<= 5.1.0Nov 21, 2023
- Authenticated (Subscriber+) Privilege Escalation vulnerability<= 5.1.4Nov 21, 2023
- Authentication Bypass to Administrator vulnerability<= 5.1.1Nov 21, 2023
- Missing Authorization to Arbitrary Shortcode Execution via userpro_shortcode_template vulnerability<= 5.1.4Nov 21, 2023
- Sensitive Information Disclosure via Shortcode vulnerability<= 5.1.1Nov 21, 2023
- Insecure Password Reset Mechanism vulnerability<= 5.1.1Nov 21, 2023
- Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability<= 4.9.33Aug 27, 2019
- Cross-Site Scripting (XSS) vulnerability<= 4.9.23Sep 9, 2018
- Authentication Bypass Vulnerability4.9.17Nov 4, 2017