Lucene search

CVE-2024-2861

🗓️ 23 May 2024 10:09:15Reported by [email protected]Type

ProfilePress WordPress plugin Stored XSS vulnerability in User Panel widget

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 7
WPVulnDB	ProfilePress < 4.15.9 - Contributor+ Stored XSS	23 May 202400:00	–	wpvulndb
Cvelist	CVE-2024-2861 ProfilePress <= 4.15.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via ProfilePress User Panel Widget	23 May 202409:32	–	cvelist
Patchstack	WordPress ProfilePress Plugin <= 4.15.8 is vulnerable to Cross Site Scripting (XSS)	23 May 202400:00	–	patchstack
Vulnrichment	CVE-2024-2861 ProfilePress <= 4.15.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via ProfilePress User Panel Widget	23 May 202409:32	–	vulnrichment
CVE	CVE-2024-2861	23 May 202410:15	–	cve
OpenVAS	WordPress ProfilePress Plugin < 4.15.9 XSS Vulnerability	5 Feb 202500:00	–	openvas
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (May 20, 2024 to May 26, 2024)	30 May 202415:23	–	wordfence

Nvd

Node

properfraction profilepressRange<4.15.9freewordpress

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/487731cd-da5a-45b6-8f39-4ae6420dd252
plugins	www.plugins.trac.wordpress.org/changeset/3090831/wp-user-avatar

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

23 May 2024 10:15Current

5.9Medium risk

Vulners AI Score5.9

CVSS35.4 - 6.4

EPSS0.00064

CWE-79