๐Ÿ” CVE Alert

CVE-2024-35700

UNKNOWN 0.0

WordPress UserPro plugin <= 5.1.8 - Unauthenticated Account Takeover vulnerability

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

Incorrect Privilege Assignment vulnerability in DeluxeThemes Userpro userpro.This issue affects Userpro: from n/a through <= 5.1.8.

CWE CWE-266
Vendor deluxethemes
Product userpro
Published Jun 4, 2024
Last Updated Apr 1, 2026
Stay Ahead of the Next One

Get instant alerts for deluxethemes userpro

Be the first to know when new unknown vulnerabilities affecting deluxethemes userpro are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

DeluxeThemes / Userpro
0 โ‰ค 5.1.8

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
patchstack.com: https://patchstack.com/database/Wordpress/Plugin/userpro/vulnerability/wordpress-userpro-plugin-5-1-8-unauthenticated-account-takeover-vulnerability?_s_id=cve patchstack.com: https://patchstack.com/database/vulnerability/userpro/wordpress-userpro-plugin-5-1-8-unauthenticated-account-takeover-vulnerability?_s_id=cve

Credits

Rafie Muhammad | Patchstack Bug Bounty Program