Deluxethemes Userpro
7 CVEs affecting Deluxethemes Userpro. Latest disclosed: 2026-04-15. Critical: 1, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-35700 | Critical | 9.8 | 2024-06-04 | Incorrect Privilege Assignment vulnerability in DeluxeThemes Userpro userpro.This issue affects Userpro: from n/a through <= 5.1.8. |
CVE-2024-56211 | High | 8.8 | 2024-12-31 | Missing Authorization vulnerability in DeluxeThemes Userpro userpro.This issue affects Userpro: from n/a through <= 5.1.9. |
CVE-2024-56212 | High | 8.5 | 2024-12-31 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DeluxeThemes Userpro userpro.This issue affects Userpro… |
CVE-2024-56214 | High | 8.3 | 2024-12-31 | Path Traversal: '.../...//' vulnerability in DeluxeThemes Userpro userpro allows Path Traversal.This issue affects Userpro: from n/a through <= 5.1.9. |
CVE-2025-68608 | High | 7.5 | 2025-12-24 | Missing Authorization vulnerability in DeluxeThemes Userpro userpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects… |
CVE-2024-56210 | High | 7.1 | 2024-12-31 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DeluxeThemes Userpro userpro allows Reflected XSS.This is… |
CVE-2025-53444 | Medium | 4.3 | 2026-04-15 | Cross-Site Request Forgery (CSRF) vulnerability in DeluxeThemes Userpro userpro allows Cross Site Request Forgery.This issue affects Userpro: from n/a through… |