WordPress Plugin Vulnerabilities

UserPro < 5.1.5 - Authenticated (Subscriber+) Privilege Escalation

Description

The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the 'userpro_update_user_profile' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_capabilities' parameter during a profile update.

Affects Plugins

Plugin icon
userpro
Fixed in 5.1.5

References

CVE
CVE-2023-6009
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/e8bed9c0-dae3-405e-a946-5f28a3c30851

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269
CVSS
8.8 (High)

Miscellaneous

Original Researcher
István Márton
Verified
No
WPVDB ID
6be59d55-4347-4ce5-be6d-698bd5c12cf3

Timeline

Publicly Published
2023-11-21 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2023-11-24 (about 2 years ago)

Other

Published
Title
Published
2026-01-21
Title
LA-Studio Element Kit for Elementor < 1.6.0 - Unauthenticated Privilege Escalation via Backdoor to Administrative User Creation via lakit_bkrole parameter
Published
2026-04-15
Title
Barcode Scanner (+Mobile App) < 1.12.0 - Unauthenticated Privilege Escalation via Insecure Token Authentication
Published
2026-03-25
Title
Amelia Booking < 9.2 - Authenticated (Customer+) Insecure Direct Object Reference to Arbitrary User Password Change
Published
2020-03-25
Title
All-in-One WP Migration < 7.15 - Arbitrary Backup Download
Published
2025-10-21
Title
King Addons for Elementor < 51.1.37 - Unauthenticated Privilege Escalation