CVE-2023-2446 - Vulnerability Details - OpenCVE

The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for authenticated attackers, with subscriber-level permissions, and above to retrieve sensitive user meta that can be used to gain access to a high privileged user account.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00238.

Key SSVC decision points have not yet been added.

Vendors	Products
Userproplugin	Userpro

Configuration 1 [-]

cpe:2.3:a:userproplugin:userpro:*:*:*:*:*:wordpress:*:*

No data.

No data.

References

Link	Providers
http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html
https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681
https://www.wordfence.com/threat-intel/vulnerabilities/id/4072ba5f-6385-4fa3-85b6-89dac7b60a92?source=cve

History

Wed, 08 Apr 2026 17:45:00 +0000

Type	Values Removed	Values Added
Title		UserPro <= 5.1.1 - Sensitive Information Disclosure via Shortcode
Weaknesses		CWE-200

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-11-22T07:32:12.130Z

Updated: 2026-04-08T16:48:24.178Z

Reserved: 2023-05-01T14:17:16.045Z

Link: CVE-2023-2446

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-11-22T08:15:07.020

Modified: 2026-04-08T18:18:02.830

Link: CVE-2023-2446

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-2446", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2023-05-01T14:17:16.045Z", "datePublished": "2023-11-22T07:32:12.130Z", "dateUpdated": "2026-04-08T16:48:24.178Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:48:24.178Z"}, "affected": [{"vendor": "n/a", "product": "UserPro - Community and User Profile WordPress Plugin", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "5.1.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for authenticated attackers, with subscriber-level permissions, and above to retrieve sensitive user meta that can be used to gain access to a high privileged user account."}], "title": "UserPro <= 5.1.1 - Sensitive Information Disclosure via Shortcode", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4072ba5f-6385-4fa3-85b6-89dac7b60a92?source=cve"}, {"url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "cweId": "CWE-200", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Istv\u00e1n M\u00e1rton"}], "timeline": [{"time": "2023-04-26T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2023-05-01T00:00:00.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2023-11-21T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:26:09.081Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4072ba5f-6385-4fa3-85b6-89dac7b60a92?source=cve", "tags": ["x_transferred"]}, {"url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:userproplugin:userpro:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "9EF7A2C9-4F0D-41BE-B9F6-41AC4F2606DE", "versionEndExcluding": "5.1.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including 5.1.1. This is due to insufficient restriction on sensitive user meta values that can be called via that shortcode. This makes it possible for authenticated attackers, with subscriber-level permissions, and above to retrieve sensitive user meta that can be used to gain access to a high privileged user account."}, {"lang": "es", "value": "El complemento UserPro para WordPress es vulnerable a la divulgaci\u00f3n de informaci\u00f3n confidencial a trav\u00e9s del c\u00f3digo corto 'userpro' en versiones hasta la 5.1.1 incluida. Esto se debe a una restricci\u00f3n insuficiente de los metavalores sensibles del usuario que se pueden invocar a trav\u00e9s de ese c\u00f3digo abreviado. Esto hace posible que atacantes autenticados, con permisos de nivel de suscriptor y superiores, recuperen metadatos de usuario sensibles que pueden usarse para obtener acceso a una cuenta de usuario con altos privilegios."}], "id": "CVE-2023-2446", "lastModified": "2026-04-08T18:18:02.830", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-22T08:15:07.020", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4072ba5f-6385-4fa3-85b6-89dac7b60a92?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4072ba5f-6385-4fa3-85b6-89dac7b60a92?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "security@wordfence.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Secondary"}]}