Platform: wordpress
Component: userpro
Fixed in: 5.1.12
CVE-2025-53444 identifies a Cross-Site Request Forgery (CSRF) vulnerability in the DeluxeThemes Userpro plugin. The flaw allows an attacker to trick a logged-in user into performing actions they did not intend, potentially compromising their account or data. It affects Userpro versions from n/a (no lower bound is given) up to and including 5.1.11. The issue is resolved in version 5.1.11, so users need to update the plugin to mitigate the risk.
The impact of CVE-2025-53444 stems from an attacker's ability to use CSRF to perform unauthorized actions on behalf of a logged-in user. Depending on the user's privileges, this could include modifying user profiles, changing passwords, or performing other administrative tasks. An attacker could craft malicious links, or embed them in a website, to lure users into triggering the request. The blast radius is limited to the functionality exposed by the Userpro plugin and the affected user's privileges within the WordPress installation. Successful exploitation could lead to account takeover and data breaches.
CVE-2025-53444 was published on 2026-04-15. The CVSS score is 4.3 (MEDIUM). The vulnerability is a standard CSRF flaw, and public proof-of-concept (PoC) exploits are likely to be developed. Monitor WordPress security forums and vulnerability databases for updates.
Exploit status
EPSS: 0.02% (4th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-53444 is to upgrade the DeluxeThemes Userpro plugin to version 5.1.11 or later. If upgrading is not immediately possible, consider implementing a Content Security Policy (CSP) to restrict the sources from which the browser may load resources. Additionally, ensure that all user input is properly validated and sanitized so that malicious code cannot be injected. WordPress security plugins often include CSRF protection mechanisms that provide an additional layer of defense. After upgrading, confirm the fix by attempting to trigger a CSRF request in a test environment and verifying that it is rejected.
Update to version 5.1.11, or a newer patched version
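The CSRF protection WordPress provides natively is nonce verification on state-changing requests, which is what the advisory's "modify user profiles" scenario relies on being absent. The following is an added example written for this page, not Userpro's code; the handler and form names (example_profile_form, example_update_profile, _example_nonce) are hypothetical, and it shows how a profile-update handler ties each submission to the current user's session with a nonce and a capability check.

```php
<?php
// Added example: a minimal WordPress profile-update handler using the
// platform's own CSRF defenses. All example_* names are hypothetical.

// 1. Render the form with a nonce bound to this action and this user.
function example_profile_form() {
    $user = wp_get_current_user();
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_update_profile">
        <?php wp_nonce_field( 'example_update_profile_' . $user->ID, '_example_nonce' ); ?>
        <label>Display name
            <input type="text" name="display_name" value="<?php echo esc_attr( $user->display_name ); ?>">
        </label>
        <button type="submit">Save</button>
    </form>
    <?php
}

// 2. Handle the POST. Without the nonce check, any page a logged-in victim
//    visits could submit this request for them (the CSRF pattern above).
function example_update_profile() {
    if ( ! is_user_logged_in() ) {
        wp_die( 'Not logged in', '', array( 'response' => 403 ) );
    }
    $user_id = get_current_user_id();

    // Reject requests whose nonce is missing or not valid for this user/action.
    $nonce = isset( $_POST['_example_nonce'] ) ? sanitize_text_field( wp_unslash( $_POST['_example_nonce'] ) ) : '';
    if ( ! wp_verify_nonce( $nonce, 'example_update_profile_' . $user_id ) ) {
        wp_die( 'Invalid or missing nonce', '', array( 'response' => 403 ) );
    }

    // Authorization is separate from CSRF protection: check the capability too.
    if ( ! current_user_can( 'edit_user', $user_id ) ) {
        wp_die( 'Insufficient privileges', '', array( 'response' => 403 ) );
    }

    // Sanitize the submitted value before it reaches the database.
    $display_name = sanitize_text_field( wp_unslash( $_POST['display_name'] ?? '' ) );
    wp_update_user( array( 'ID' => $user_id, 'display_name' => $display_name ) );

    wp_safe_redirect( wp_get_referer() ?: home_url( '/' ) );
    exit;
}
add_action( 'admin_post_example_update_profile', 'example_update_profile' );
```

A nonce check alone does not authorize the action, which is why the capability check stays in place even after the CSRF defense is added.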
CVE-2025-53444 describes a Cross-Site Request Forgery (CSRF) vulnerability in the DeluxeThemes Userpro WordPress plugin that allows attackers to perform actions as authenticated users.
You are affected if you are using DeluxeThemes Userpro versions 0.0.0 through 5.1.11. Check your plugin version and upgrade immediately if vulnerable.
Upgrade to version 5.1.11 or later to resolve the vulnerability. Consider implementing a Content Security Policy (CSP) as an additional layer of defense.
There are currently no known public exploits or active campaigns targeting this specific vulnerability, but it remains a potential risk due to the nature of CSRF attacks.
Please refer to the DeluxeThemes website and WordPress plugin repository for the official advisory and update information regarding CVE-2025-53444.