UserPro

Vulnerabilities 27Slug userproPlugin page →

Minimum safe version

5.1.11

Update to 5.1.11 or later to address 21 fixable vulnerabilities

⚠ 6 vulnerabilities have no fix
High 7.5 Unfixed
2025-12-25≤ 5.1.9

Userpro <= 5.1.9 - Missing Authorization

WordfenceCVEEUVD
Medium 5.9 Unfixed
2025-06-14≤ 5.1.10

UserPro - Community and User Profile WordPress Plugin <= 5.1.10 - Unauthenticated Arbitrary File Read

EUVDWordfenceCVE
High 8.3 Unfixed
2024-12-31≤ 5.1.9

WordPress UserPro plugin <= 5.1.9 - Local File Inclusion vulnerability

CVEWordfence
High 8.8 Unfixed
2024-12-31≤ 5.1.9

WordPress UserPro plugin <= 5.1.9 - Authenticated Arbitrary User Meta Update vulnerability

CVEWordfence
High 7.1 Unfixed
2024-12-31≤ 5.1.9

WordPress UserPro plugin <= 5.1.9 - Reflected Cross Site Scripting (XSS) vulnerability

CVEWordfence
High 8.5 Unfixed
2024-12-31≤ 5.1.9

WordPress UserPro plugin <= 5.1.9 - SQL Injection vulnerability

CVEPatchstackWordfence
N/A
2018-09-10< 4.9.28

UserPro <= 4.9.27 - Privilege Escalation

Wordfence
N/A
2019-01-03< 4.9.21

UserPro <= 4.9.20 - Privilege Escalation

Wordfence
N/A
2017-11-04< 4.9.17.1

WordPress Userpro plugin <= 4.9.17.1 - Authentication Bypass Vulnerability

Patchstack
Critical 9.8
2017-11-10< 4.9.17.1

UserPro <= 4.9.17 - Authentication Bypass

WordfenceCVE
Medium 6.1
2018-09-09< 4.9.24

WordPress UserPro premium plugin <= 4.9.23 - Cross-Site Scripting (XSS) vulnerability

PatchstackCVEWordfence