Restrict Security Vulnerabilities

CVE-2024-0910

The Restrict for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.6 due to improper restrictions on hidden data that make it accessible through the REST API. This makes it possible for unauthenticated attackers to extract...

5.3 CVSS

7 AI Score

0.0005 EPSS

2024-06-06 02:15 AM
3

CVE-2024-2861

The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ProfilePress User Panel widget in all versions up to, and including, 4.15.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4 CVSS

5.7 AI Score

0.0004 EPSS

2024-05-23 10:15 AM
55

CVE-2024-2867

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 4.15.4 due to insufficient input sanitization.....

6.4 CVSS

5.8 AI Score

0.0004 EPSS

2024-05-02 05:15 PM
29

CVE-2024-0615

The Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.0 via the API. This makes it possible for unauthenticated attackers to...

5.3 CVSS

6.5 AI Score

0.0005 EPSS

2024-05-02 05:15 PM
38

CVE-2024-31432

Missing Authorization vulnerability in StellarWP Restrict Content. This issue affects Restrict Content: from n/a through...

5.3 CVSS

5.3 AI Score

0.0004 EPSS

2024-04-15 10:15 AM
27

CVE-2024-3210

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'reg-single-checkbox' shortcode in all versions up to, and including, 4.15.5 due to...

6.4 CVSS

5.7 AI Score

0.0004 EPSS

2024-04-10 06:15 AM
23

CVE-2024-29138

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DEV Institute Restrict User Access – Membership Plugin with Force allows Reflected XSS. This issue affects Restrict User Access – Membership Plugin with Force: from n/a through...

7.1 CVSS

9.3 AI Score

0.0004 EPSS

2024-03-19 02:15 PM
32

CVE-2024-1806

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.15.1 due to insufficient input...

6.4 CVSS

6 AI Score

0.0004 EPSS

2024-03-13 04:15 PM
21

CVE-2024-1535

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.15.2 due to insufficient input...

6.4 CVSS

6 AI Score

0.0004 EPSS

2024-03-13 04:15 PM
10

CVE-2024-1409

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [reg-select-role] shortcode in all versions up to, and including, 4.15.0 due to insufficient.....

6.4 CVSS

6 AI Score

0.0004 EPSS

2024-03-13 04:15 PM
8

CVE-2024-1083

The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.6 via the REST API. This makes it possible for authenticated attackers to bypass the plugin's restrictions to extract post titles and...

5.3 CVSS

6 AI Score

0.0004 EPSS

2024-03-13 04:15 PM
6

CVE-2024-0687

The Restrict User Access – Ultimate Membership & Content Protection plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages via...

5.3 CVSS

5.4 AI Score

0.0004 EPSS

2024-03-13 04:15 PM
12

CVE-2024-1570

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's login-password shortcode in all versions up to, and including, 4.14.4 due to insufficient...

6.4 CVSS

6 AI Score

0.0004 EPSS

2024-02-29 01:43 AM
26

CVE-2024-1519

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 4.14.4 due to insufficient input sanitization...

6.5 CVSS

6.3 AI Score

0.0004 EPSS

2024-02-29 01:43 AM
24

CVE-2024-1408

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edit-profile-text-box shortcode in all versions up to, and including, 4.14.4 due to...

6.4 CVSS

6 AI Score

0.0004 EPSS

2024-02-29 01:43 AM
19

CVE-2024-24702

Cross-Site Request Forgery (CSRF) vulnerability in Matt Martz & Andy Stratton Page Restrict. This issue affects Page Restrict: from n/a through...

4.3 CVSS

5.6 AI Score

0.0004 EPSS

2024-02-28 03:15 PM
77

CVE-2024-0682

The Page Restrict plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 2.5.5. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated attackers to....

5.3 CVSS

5.3 AI Score

0.0004 EPSS

2024-02-28 09:15 AM
73

CVE-2024-1046

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin 'reg-number-field' shortcode in all versions up to, and including, 4.14.3 due to insufficient...

6.4 CVSS

5.6 AI Score

0.0004 EPSS

2024-02-05 10:16 PM
12

CVE-2023-6165

The Restrict Usernames Emails Characters WordPress plugin before 3.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is...

4.8 CVSS

5 AI Score

0.0004 EPSS

2024-01-29 03:15 PM
9

CVE-2022-45083

Deserialization of Untrusted Data vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress. This issue affects Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User...

7.2 CVSS

7 AI Score

0.001 EPSS

2024-01-19 03:15 PM
10

CVE-2023-44150

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress. This issue affects Paid Membership Plugin, Ecommerce, Registration Form, Login...

7.5 CVSS

7.5 AI Score

0.001 EPSS

2023-11-30 03:15 PM
41

CVE-2023-47668

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StellarWP Membership Plugin – Restrict Content plugin <= 3.2.7...

7.5 CVSS

7.5 AI Score

0.001 EPSS

2023-11-23 12:15 AM
49

CVE-2023-47518

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Matthew Muro Restrict Categories plugin <= 2.6.4...

7.1 CVSS

6 AI Score

0.0005 EPSS

2023-11-14 11:15 PM
14

CVE-2023-41861

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Restrict plugin <= 2.2.4...

7.1 CVSS

6 AI Score

0.0005 EPSS

2023-09-27 03:19 PM
15

CVE-2023-3182

The Membership WordPress plugin before 3.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...

6.1 CVSS

6.1 AI Score

0.001 EPSS

2023-07-17 02:15 PM
30

CVE-2022-47444

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin <= 4.5.3...

7.1 CVSS

6 AI Score

0.001 EPSS

2023-03-29 01:15 PM
37

CVE-2022-4698

The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several form fields in versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

5.5 CVSS

4.6 AI Score

0.0005 EPSS

2022-12-23 04:15 PM
24

CVE-2022-4697

The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wp_user_cover_default_image_url’ parameter in versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.5 CVSS

4.6 AI Score

0.0005 EPSS

2022-12-23 04:15 PM
19

CVE-2012-4473

The Restrict node page view module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "view any node page" or "view any node {type} page" permission to access unpublished nodes via a direct...

6.4 AI Score

0.002 EPSS

2012-11-30 10:55 PM
25