CVE-2023-2437

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions UserPro plugin for WordPress versions through 5.1.1

Description The UserPro plugin for WordPress through version 5.1.1 has a flaw that allows bypassing authentication through the userpro fbconnect API endpoint. This bypass is achieved via the userpro fbconnect AJAX action.

Recommendations Update the UserPro plugin to a version later than 5.1.1.

Exploit

Fix

Improper Authentication

Authentication Bypass Using an Alternate Path or Channel

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287CWE-288

Related Identifiers

CVE-2023-2437

Affected Products

Userpro

CVE-2023-2437

Weakness Enumeration

Related Identifiers

Affected Products

References · 9