| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-53444 | WordPress Userpro plugin < 5.1.11 - Cross Site Request Forgery (CSRF) vulnerability | DeluxeThemes | Userpro | Medium | 4.3 | 2026-04-15 15:43:21 | Deep Dive |
| CVE-2025-68608 | WordPress Userpro plugin <= 5.1.9 - Broken Access Control vulnerability | DeluxeThemes | Userpro | High | 7.5 | 2025-12-24 12:31:31 | Deep Dive |
| CVE-2025-4187 | UserPro - Community and User Profile WordPress Plugin <= 5.1.10 - Unauthenticated Arbitrary File Read | - | UserPro - Community and User Profile WordPress Plugin | Medium | 5.9 | 2025-06-14 08:23:23 | Deep Dive |
| CVE-2024-12822 | Media Manager for UserPro <= 3.12.0 - Missing Authorization to Unauthenticated Arbitrary Options Update | DeluxeThemes | Media Manager for UserPro | Critical | 9.8 | 2025-01-30 13:42:07 | Deep Dive |
| CVE-2024-12821 | Media Manager for UserPro <= 3.12.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update | DeluxeThemes | Media Manager for UserPro | High | 8.8 | 2025-01-30 13:42:03 | Deep Dive |
| CVE-2025-22322 | WordPress Private Messages for UserPro plugin <= 4.10.0 - Reflected Cross Site Scripting (XSS) vulnerability | DeluxeThemes | Private Messages for UserPro | High | 7.1 | 2025-01-21 13:40:35 | Deep Dive |
| CVE-2025-22311 | WordPress Private Messages for UserPro plugin <= 4.10.0 - Local File Inclusion vulnerability | DeluxeThemes | Private Messages for UserPro | High | 7.5 | 2025-01-21 13:40:34 | Deep Dive |
| CVE-2024-56210 | WordPress UserPro plugin <= 5.1.9 - Reflected Cross Site Scripting (XSS) vulnerability | DeluxeThemes | Userpro | High | 7.1 | 2024-12-31 10:32:49 | Deep Dive |
| CVE-2024-56212 | WordPress UserPro plugin <= 5.1.9 - SQL Injection vulnerability | DeluxeThemes | Userpro | High | 8.5 | 2024-12-31 10:04:13 | Deep Dive |
| CVE-2024-56211 | WordPress UserPro plugin <= 5.1.9 - Authenticated Arbitrary User Meta Update vulnerability | DeluxeThemes | Userpro | High | 8.8 | 2024-12-31 10:03:12 | Deep Dive |
| CVE-2024-56214 | WordPress UserPro plugin <= 5.1.9 - Local File Inclusion vulnerability | DeluxeThemes | Userpro | High | 8.3 | 2024-12-31 10:01:33 | Deep Dive |
| CVE-2024-35700 | WordPress UserPro plugin <= 5.1.8 - Unauthenticated Account Takeover vulnerability | DeluxeThemes | Userpro | Critical | 9.8 | 2024-06-04 13:40:44 | Deep Dive |
| CVE-2024-0701 | UserPro <= 5.1.6 - Disabled Membership Registration Bypass | - | UserPro - Community and User Profile WordPress Plugin | Medium | 5.3 | 2024-02-05 21:22:05 | Deep Dive |
| CVE-2023-2439 | WordPress plugin UserPro 安全漏洞 | - | UserPro - Community and User Profile WordPress Plugin | Medium | 6.4 | 2024-01-31 02:35:10 | Deep Dive |
| CVE-2023-2497 | UserPro <= 5.1.0 - Cross-Site Request Forgery to PHP Object Injection | - | UserPro - Community and User Profile WordPress Plugin | High | 8.8 | 2023-11-22 15:33:39 | Deep Dive |
| CVE-2023-6009 | UserPro <= 5.1.4 - Authenticated (Subscriber+) Privilege Escalation | - | UserPro - Community and User Profile WordPress Plugin | High | 8.8 | 2023-11-22 15:33:38 | Deep Dive |
| CVE-2023-6008 | UserPro <= 5.1.1 - Cross-Site Request Forgery via multiple functions | - | UserPro - Community and User Profile WordPress Plugin | Medium | 6.3 | 2023-11-22 15:33:38 | Deep Dive |
| CVE-2023-2449 | UserPro <= 5.1.1 - Insecure Password Reset Mechanism | - | UserPro - Community and User Profile WordPress Plugin | Critical | 9.8 | 2023-11-22 15:33:37 | Deep Dive |
| CVE-2023-2437 | UserPro <= 5.1.1 - Authentication Bypass to Administrator | - | UserPro - Community and User Profile WordPress Plugin | Critical | 9.8 | 2023-11-22 15:33:33 | Deep Dive |
| CVE-2023-2438 | UserPro <= 5.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via userpro_save_userdata | - | UserPro - Community and User Profile WordPress Plugin | Medium | 6.1 | 2023-11-22 15:33:30 | Deep Dive |