WordPress Plugin UserPro-Community and User Profile Multiple Vulnerabilities - CVE-2023-2437

WordPress Plugin UserPro-Community and User Profile is prone to multiple vulnerabilities including security bypass privilege escalation information disclosure or cross-site request forgery vulnerabilities. An attacker may leverage these issues to perform otherwise restricted actions and subsequently log in as any existing user on the site given they know the users email address to bypass the expected capabilities check and perform otherwise restricted actions to obtain sensitive information that may help in launching further attacks or to perform certain administrative actions and gain unauthorized access to the affected application. WordPress Plugin UserPro-Community and User Profile version 5.1.1 is vulnerable prior versions may also be affected.