Vulnerability Details : CVE-2023-2449
The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (userpro_process_form). The function uses the plaintext value of a password reset key instead of a hashed value which means it can easily be retrieved and subsequently used. An attacker can leverage CVE-2023-2448 and CVE-2023-2446, or another vulnerability like SQL Injection in another plugin or theme installed on the site to successfully exploit this vulnerability.
Vulnerability category: Sql Injection
Products affected by CVE-2023-2449
- cpe:2.3:a:userproplugin:userpro:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-2449
0.68%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 80 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-2449
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
Wordfence |
References for CVE-2023-2449
-
https://www.wordfence.com/threat-intel/vulnerabilities/id/de9be7bc-4f8a-4393-8ebb-1b1f141b7585?source=cve
UserPro <= 5.1.1 - Insecure Password Reset MechanismThird Party Advisory
-
http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html
WordPress UserPro 5.1.x Password Reset / Authentication Bypass / Escalation ≈ Packet StormThird Party Advisory;VDB Entry
-
https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681
UserPro - Community and User Profile WordPress Plugin by DeluxeThemesProduct
Jump to