The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. An attacker can leverage CVE-2023-2448 and CVE-2023-2446 to get the user's email address to successfully exploit this vulnerability.
The vulnerability results from insufficient verification of user identity during the Facebook login process performed by the plugin. An attacker can provide the email address of an existing account without needing to possess a password or authentication token. The vulnerability can be chained with CVE-2023-2448 and CVE-2023-2446, which enable obtaining the victim's email address, allowing for full, chained exploitation of this flaw.
An attacker can take over any account on the WordPress site, including administrator accounts, gaining full control over the website — ability to modify content, install malicious plugins, and access user data.
The UserPro plugin should be updated to a version higher than 5.1.1. Patches available from the vendor should be applied according to the references. Additionally, it is recommended to review access logs to detect any unauthorized logins and to remove or deactivate the plugin until updates are applied.
UserPro (User Profiles with Social Login) plugin for WordPress in versions up to and including 5.1.1.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HUserproplugin Userpro
APPUserproplugin≤ 5.1.1
Related vulnerabilities
Incorrect Privilege Assignment w wtyczce WordPress UserPro — przejęcie konta bez uwierzytelnienia
Nieautoryzowany reset hasła w pluginie UserPro dla WordPress
The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote...
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including,...
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including,...