UserPro Plugin Vulnerability Allows Account Takeover

Patchstack discovered the critical flaw in the plugin’s password reset mechanism, specifically within the userpro_process_form function, which allowed unauthenticated users to change the passwords of other users under certain conditions.