5 matches found
WordPress ProfilePress Plugin 3.0.0 < 3.1.4 Multiple Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:properfraction:profilepress"; if description...
CVE-2021-34623
The CVE-2021-34623 entry describes an Arbitrary File Upload vulnerability in the Image Uploader component of the ProfilePress WordPress plugin, affecting versions 3.0.0–3.1.3. The issue allows attackers to upload arbitrary files during user registration or profile updates. Connected sources indic...
CVE-2021-34623 ProfilePress 3.0 - 3.1.3 - Arbitrary File Upload in Image Uploader Component
A vulnerability in the image uploader component found in the /src/Classes/ImageUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This issue affects versions 3.0.0 - 3.1.3...
CVE-2021-34623
creationtimestamp| type| source ---|---|--- 2021-07-05 12:18:01+00:00| seen| https://t.me/CyberSecurityTechnologies/3770 2021-07-07 16:37:44+00:00| seen| https://t.me/cibsecurity/25960...
ProfilePress Plugin for WordPress 3.x < 3.1.4 Multiple Vulnerabilities
The WordPress ProfilePress Plugin installed on the remote host is affected by multiple vulnerabilities : - An unauthenticated privilege escalation exists when supplying wpcapabilties as an array parameter while registering. CVE-2021-34621 - An authenticated privilege escalation exists within the...