The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the 'userpro_update_user_profile' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_capabilities' parameter during a profile update.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2023-11-22T15:33:37.741Z
Updated: 2024-08-02T08:21:17.115Z
Reserved: 2023-11-08T05:32:13.517Z
Link: CVE-2023-6009
Vulnrichment
Updated: 2024-08-02T08:21:17.115Z
NVD
Status : Modified
Published: 2023-11-22T16:15:15.643
Modified: 2024-11-21T08:42:58.377
Link: CVE-2023-6009
Redhat
No data.