Path Traversal Vulnerability in DeluxeThemes Userpro Plugin
CVE-2024-56214
8.3 HIGH
Key Information:
- Vendor: Deluxethemes
- Status
- Userpro
- Vendor
- CVE Published: 31 December 2024
Summary
The path traversal vulnerability in the DeluxeThemes Userpro plugin allows attackers to bypass security restrictions and access sensitive files on the server. This issue stems from improper validation of user-supplied input, which can be manipulated to read arbitrary files. Thus, users of the affected Userpro plugin versions should take immediate steps to mitigate this risk by updating to the latest version and ensuring that proper security measures are in place.
Affected Version(s)
Userpro <= 5.1.9
References
CVSS V3.1
Score: 8.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Rafie Muhammad (Patchstack)