Vulnerabilities

CVE-2025-4187

by Fred · 14/06/2025

The UserPro – Community and User Profile WordPress Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 5.1.10 via the userpro_fbconnect() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

Assigner : cve-request@wordfence.com

More information : https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681

Similar

Tags: Cybersecurity Alert