{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-4187", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-05-01T12:49:24.396Z", "datePublished": "2025-06-14T08:23:23.478Z", "dateUpdated": "2026-04-08T16:42:53.265Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:42:53.265Z"}, "affected": [{"vendor": "n/a", "product": "UserPro - Community and User Profile WordPress Plugin", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "5.1.10", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The UserPro - Community and User Profile WordPress Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 5.1.10 via the userpro_fbconnect() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information."}], "title": "UserPro - Community and User Profile WordPress Plugin <= 5.1.10 - Unauthenticated Arbitrary File Read", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2745a40c-b011-4fe5-b2f7-d97ee6972568?source=cve"}, {"url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.9, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc)"}], "timeline": [{"time": "2025-06-13T19:48:14.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-16T16:46:02.819362Z", "id": "CVE-2025-4187", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-17T18:39:32.980Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4187", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-16T16:46:02.819362Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-16T16:47:16.671Z"}}], "cna": {"title": "UserPro - Community and User Profile WordPress Plugin <= 5.1.10 - Unauthenticated Arbitrary File Read", "credits": [{"lang": "en", "type": "finder", "value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc)"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}}], "affected": [{"vendor": "n/a", "product": "UserPro - Community and User Profile WordPress Plugin", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "5.1.10"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-06-13T19:48:14.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2745a40c-b011-4fe5-b2f7-d97ee6972568?source=cve"}, {"url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681"}], "descriptions": [{"lang": "en", "value": "The UserPro - Community and User Profile WordPress Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 5.1.10 via the userpro_fbconnect() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-06-14T08:23:23.478Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4187", "state": "PUBLISHED", "dateUpdated": "2025-06-17T18:39:32.980Z", "dateReserved": "2025-05-01T12:49:24.396Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-06-14T08:23:23.478Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The UserPro - Community and User Profile WordPress Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 5.1.10 via the userpro_fbconnect() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information."}, {"lang": "es", "value": "El complemento UserPro - Community and User Profile WordPress Plugin para WordPress es vulnerable a la navegaci\u00f3n de directorios en todas las versiones hasta la 5.1.10 incluida, a trav\u00e9s de la funci\u00f3n userpro_fbconnect(). Esto permite a atacantes no autenticados leer el contenido de archivos arbitrarios en el servidor, que pueden contener informaci\u00f3n confidencial."}], "id": "CVE-2025-4187", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-06-14T09:15:22.050", "references": [{"source": "security@wordfence.com", "url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2745a40c-b011-4fe5-b2f7-d97ee6972568?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T17:17:11.925203+00:00", "value": {"mitigation_remediation": ["Upgrade the UserPro plugin to version 5.1.11 or later, which removes the directory traversal flaw.", "If an upgrade is not immediately possible, remove the plugin from the WordPress installation or disable the userpro_fbconnect() endpoint by changing its access permissions or using a web\u2011server configuration rule.", "Restrict the permissions of sensitive files and the WordPress root directory to prevent read access by the web\u2011server process, thereby limiting the impact of any remaining traversal attempts."], "summary": {"action": "Patch Now", "impact": "Arbitrary File Read"}, "threat_synthesis": {"affected_systems": "The flaw affects all installations of the UserPro plugin for WordPress up to and including version 5.1.10. Site owners running any of these versions on WordPress should assess whether the plugin is in active use and whether the file permissions and server configuration could expose sensitive files. The plugin is distributed via the CodeCanyon marketplace and is commonly used to add social login and profile features to WordPress sites.", "description_and_impact": "The vulnerability in the UserPro \u2013 Community and User Profile WordPress Plugin allows unauthenticated attackers to perform directory traversal through the userpro_fbconnect() function, enabling them to read arbitrary files on the server. This weakness is a classic example of CWE\u201122. Because the flaw does not require authentication or elevated privileges, content such as configuration files, database credentials, or private user data may be exposed, compromising the confidentiality of the affected infrastructure.", "risk_and_exploitability": "The CVSS score of 5.9 classifies this issue as medium severity, and the EPSS score of 1\u202f% suggests that exploitation is possible but not widespread. The vulnerability is not part of the CISA KEV list, but because the bug permits unauthenticated file reads, attackers could quickly gain useful information. The attack vector is web\u2011based, requiring only a crafted request to the vulnerable function, and no additional authentication or privileged access is needed."}}}}, "created": "2026-04-22T17:30:22.631584+00:00", "updated": "2026-04-22T17:30:22.631597+00:00", "vendors": []}