Cyber Resilience

CVE-2024-0701

Medium

Published: 05 February 2024

Modified: 08 April 2026
CVSS Score v3.1: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
EPSS Score: 0.0018 (38.9th percentile)
Risk Priority: 11 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-0701 is a medium-severity Client-Side Enforcement of Server-Side Security (CWE-602) vulnerability in Userproplugin Userpro. Its CVSS base score is 5.3 (Medium).

Operationally, it ranks at the 38.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Vulnerability details

The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings. This makes it possible for unauthenticated attackers to register an account even when account registration has been disabled by an administrator.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

userproplugin userpro, versions ≤ 5.1.6

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
