CRITICAL🇵🇱 Wersja polska

CVE-2023-2449

CVSS 9.8v3.1pub. 2023-11-22upd. 2026-04-08

The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (userpro_process_form). The function uses the plaintext value of a password reset key instead of a hashed value which means it can easily be retrieved and subsequently used. An attacker can leverage CVE-2023-2448 and CVE-2023-2446, or another vulnerability like SQL Injection in another plugin or theme installed on the site to successfully exploit this vulnerability.

🤖 AI Analysis
How it works

The userpro_process_form function handling password reset uses a reset key in plaintext instead of its hashed value. Such a key can be read by an attacker — for example through SQL Injection in another plugin or theme installed on the site, or by exploiting related vulnerabilities CVE-2023-2448 or CVE-2023-2446. After obtaining the key, the attacker can directly invoke the reset function and set a new password for the chosen account. The entire attack requires no authentication, user interaction, or special privileges.

Impact

An attacker can take control of any user account — including WordPress administrator accounts — by setting a new password without the owner's knowledge. This results in a complete breach of the site's confidentiality, integrity, and availability.

Mitigation & patch

The UserPro plugin must be updated immediately to a version higher than 5.1.1, according to information available from the vendor and in the references. It is also recommended to review other installed plugins and themes for SQL Injection vulnerabilities that could be used as a secondary attack vector.

Who is affected

UserPro plugin (Userproplugin Userpro) for WordPress in versions up to and including 5.1.1.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Userproplugin Userpro

    APP
    Userproplugin
    ≤ 5.1.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2024-35700CRITICAL9.8PL ✓ten sam produkt

Incorrect Privilege Assignment w wtyczce WordPress UserPro — przejęcie konta bez uwierzytelnienia

CVE-2023-2437CRITICAL9.8PL ✓ten sam produkt

Pominięcie uwierzytelnienia w pluginie UserPro dla WordPress (logowanie Facebook)

CVE-2017-16562CRITICAL9.8ten sam produkt

The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote...

CVE-2023-2440HIGH8.8ten sam produkt

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including,...

CVE-2023-2497HIGH8.8ten sam produkt

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including,...