The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin options.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Wordfence
Published: 2023-11-22T15:33:38.202Z
Updated: 2023-11-22T15:33:38.202Z
Reserved: 2023-11-08T05:32:01.025Z
Link: CVE-2023-6008
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-11-22T16:15:15.473
Modified: 2023-11-29T18:58:44.753
Link: CVE-2023-6008
JSON object: View
Redhat Information
No data.
CWE