{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-20T09:26:41.253","vulnerabilities":[{"cve":{"id":"CVE-2023-2446","sourceIdentifier":"security@wordfence.com","published":"2023-11-22T08:15:07.020","lastModified":"2026-06-17T05:52:36.437","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for authenticated attackers, with subscriber-level permissions, and above to retrieve sensitive user meta that can be used to gain access to a high privileged user account."},{"lang":"es","value":"El complemento UserPro para WordPress es vulnerable a la divulgación de información confidencial a través del código corto 'userpro' en versiones hasta la 5.1.1 incluida. Esto se debe a una restricción insuficiente de los metavalores sensibles del usuario que se pueden invocar a través de ese código abreviado. Esto hace posible que atacantes autenticados, con permisos de nivel de suscriptor y superiores, recuperen metadatos de usuario sensibles que pueden usarse para obtener acceso a una cuenta de usuario con altos privilegios."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"n/a","product":"UserPro - Community and User Profile WordPress Plugin","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"5.1.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:userproplugin:userpro:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"5.1.2","matchCriteriaId":"9EF7A2C9-4F0D-41BE-B9F6-41AC4F2606DE"}]}]}],"references":[{"url":"https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681","source":"security@wordfence.com","tags":["Product"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4072ba5f-6385-4fa3-85b6-89dac7b60a92?source=cve","source":"security@wordfence.com","tags":["Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4072ba5f-6385-4fa3-85b6-89dac7b60a92?source=cve","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}