| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-2497 | UserPro <= 5.1.0 - Cross-Site Request Forgery to PHP Object Injection | - | UserPro - Community and User Profile WordPress Plugin | High | 8.8 | 2023-11-22 15:33:39 | Deep Dive |
| CVE-2023-6008 | UserPro <= 5.1.1 - Cross-Site Request Forgery via multiple functions | - | UserPro - Community and User Profile WordPress Plugin | Medium | 6.3 | 2023-11-22 15:33:38 | Deep Dive |
| CVE-2023-6009 | UserPro <= 5.1.4 - Authenticated (Subscriber+) Privilege Escalation | - | UserPro - Community and User Profile WordPress Plugin | High | 8.8 | 2023-11-22 15:33:38 | Deep Dive |
| CVE-2023-2449 | UserPro <= 5.1.1 - Insecure Password Reset Mechanism | - | UserPro - Community and User Profile WordPress Plugin | Critical | 9.8 | 2023-11-22 15:33:37 | Deep Dive |
| CVE-2023-2437 | UserPro <= 5.1.1 - Authentication Bypass to Administrator | - | UserPro - Community and User Profile WordPress Plugin | Critical | 9.8 | 2023-11-22 15:33:33 | Deep Dive |
| CVE-2023-2438 | UserPro <= 5.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via userpro_save_userdata | - | UserPro - Community and User Profile WordPress Plugin | Medium | 6.1 | 2023-11-22 15:33:30 | Deep Dive |
| CVE-2023-2448 | UserPro <= 5.1.4 - Missing Authorization to Arbitrary Shortcode Execution via userpro_shortcode_template | - | UserPro - Community and User Profile WordPress Plugin | Medium | 6.5 | 2023-11-22 15:33:29 | Deep Dive |
| CVE-2023-2440 | UserPro <= 5.1.1 - Cross-Site Request Forgery to Privilege Escalation | - | UserPro - Community and User Profile WordPress Plugin | High | 8.8 | 2023-11-22 15:33:28 | Deep Dive |
| CVE-2023-6007 | UserPro <= 5.1.1 - Missing Authorization via multiple functions | - | UserPro - Community and User Profile WordPress Plugin | High | 7.3 | 2023-11-22 15:33:26 | Deep Dive |
| CVE-2023-2446 | UserPro <= 5.1.1 - Sensitive Information Disclosure via Shortcode | - | UserPro - Community and User Profile WordPress Plugin | Medium | 6.5 | 2023-11-22 07:32:12 | Deep Dive |
| CVE-2023-2447 | UserPro <= 5.1.1 - Cross-Site Request Forgery to Sensitive Information Exposure | - | UserPro - Community and User Profile WordPress Plugin | Medium | 6.1 | 2023-11-22 07:32:12 | Deep Dive |
| CVE-2023-47553 | WordPress UserHeat Plugin Plugin <= 1.1.6 is vulnerable to Cross Site Request Forgery (CSRF) | User Local Inc | UserHeat Plugin | Medium | 5.4 | 2023-11-18 21:41:58 | Deep Dive |
| CVE-2023-47644 | WordPress ProfileGrid Plugin <= 5.6.6 is vulnerable to Cross Site Request Forgery (CSRF) | profilegrid | ProfileGrid – User Profiles, Memberships, Groups and Communities | Medium | 5.4 | 2023-11-18 21:31:40 | Deep Dive |
| CVE-2023-6187 | Paid Memberships Pro <= 2.12.3 - Authenticated (Subscriber+) Arbitrary File Upload | strangerstudios | Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions | High | 7.5 | 2023-11-18 01:54:35 | Deep Dive |
| CVE-2023-35877 | WordPress Extra User Details Plugin <= 0.5 is vulnerable to Cross Site Request Forgery (CSRF) | Vadym K. | Extra User Details | Medium | 4.3 | 2023-11-13 17:06:24 | Deep Dive |
| CVE-2023-46201 | WordPress Auto Login New User After Registration Plugin <= 1.9.6 is vulnerable to Cross Site Request Forgery (CSRF) | Jeff Sherk | Auto Login New User After Registration | Medium | 4.3 | 2023-11-13 04:09:16 | Deep Dive |
| CVE-2023-47669 | WordPress Profile Builder Plugin <= 3.10.3 is vulnerable to Cross Site Request Forgery (CSRF) | Cozmoslabs | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | Medium | 5.4 | 2023-11-13 00:55:28 | Deep Dive |
| CVE-2023-32092 | WordPress Community by PeepSo Plugin <= 6.0.9.0 is vulnerable to Cross Site Request Forgery (CSRF) | PeepSo | Community by PeepSo – Social Network, Membership, Registration, User Profiles | Medium | 4.3 | 2023-11-09 22:36:19 | Deep Dive |
| CVE-2023-32298 | WordPress Simple User Listing Plugin <= 1.9.2 is vulnerable to Cross Site Scripting (XSS) | Kathy Darling | Simple User Listing | High | 7.1 | 2023-11-08 15:57:17 | Deep Dive |
| CVE-2023-46621 | WordPress User Avatar Plugin <= 1.4.11 is vulnerable to Cross Site Scripting (XSS) | Enej Bajgoric / Gagan Sandhu / CTLT DEV | User Avatar | High | 7.1 | 2023-11-08 15:16:11 | Deep Dive |