CVE-2023-2497 in UserPro Plugininfo

Zusammenfassung

von MITRE • 22.11.2023

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'import_settings' function. This makes it possible for unauthenticated attackers to exploit PHP Object Injection due to the use of unserialize() on the user supplied parameter via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Zuständig

Wordfence

Reservieren

03.05.2023

Veröffentlichung

22.11.2023

Moderieren

akzeptiert

Eintrag

VDB-245968

CPE

bereit

EPSS

0.00270

KEV

nein

Aktivitäten

very low

Quellen

Do you want to use VulDB in your project?

Use the official API to access entries easily!