The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings. This makes it possible for unauthenticated attackers to register an account even when account registration has been disabled by an administrator.
History

Thu, 07 Nov 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-02-05T21:22:04.676Z

Updated: 2024-11-07T20:42:02.425Z

Reserved: 2024-01-18T20:27:02.394Z

Link: CVE-2024-0701

cve-icon Vulnrichment

Updated: 2024-08-01T18:11:35.648Z

cve-icon NVD

Status : Modified

Published: 2024-02-05T22:16:04.380

Modified: 2024-11-21T08:47:10.637

Link: CVE-2024-0701

cve-icon Redhat

No data.