The DeluxeThemes Userpro plugin suffers from a path traversal vulnerability identified as CVE-2024-56214. This vulnerability arises from improper sanitization of path input containing the sequence '.../...//', enabling attackers to access files and directories outside the intended directory structure. The affected versions include all releases up to and including 5.1.9. The CVSS v3.1 base score is 8.3, reflecting network attack vector, high complexity, no privileges required, user interaction required, scope change, and high impact on confidentiality, integrity, and availability.

Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to perform path traversal attacks, potentially leading to unauthorized access to sensitive files, modification of data, and disruption of service. The vulnerability impacts confidentiality, integrity, and availability at a high level as indicated by the CVSS score.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider restricting access to the affected plugin, applying compensating controls such as web application firewalls to detect and block path traversal attempts, and monitoring for suspicious activity related to path traversal patterns.