Lucene search
K

15 matches found

EUVD
EUVD
added 2026/04/16 12:54 a.m.10 views

EUVD-2026-23125

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.16.12. This is due to the 'processcheckout' function not properly enforcing...

4.3CVSS5.9AI score0.00316EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/04/15 10:26 p.m.24 views

CVE-2026-4949 ProfilePress <= 4.16.12 - Missing Authorization to Authenticated (Subscriber+) Inactive Membership Plan Subscription

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.16.12. This is due to the 'processcheckout' function not properly enforcing...

4.3CVSS0.00316EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/04/15 10:26 p.m.3 views

CVE-2026-4949

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.16.12. This is due to the 'processcheckout' function not properly enforcing...

4.3CVSS5.9AI score0.00316EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/04/15 10:26 p.m.3 views

CVE-2026-4949 ProfilePress <= 4.16.12 - Missing Authorization to Authenticated (Subscriber+) Inactive Membership Plan Subscription

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.16.12. This is due to the 'processcheckout' function not properly enforcing...

4.3CVSS5.9AI score0.00316EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.8 views

PT-2026-33181

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.16.12. This is due to the 'process checkout' function not properly enforcin...

4.3CVSS5.9AI score0.00316EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/04/05 10:55 a.m.4 views

CVE-2026-3445

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to unauthorized membership payment bypass in all versions up to, and including, 4.16.11. This is due to a missing ownership verification on...

7.1CVSS5.9AI score0.00228EPSS
Exploits0References1
NVD
NVD
added 2026/04/04 9:16 a.m.7 views

CVE-2026-3445

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to unauthorized membership payment bypass in all versions up to, and including, 4.16.11. This is due to a missing ownership verification on...

7.1CVSS0.00228EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/04 8:25 a.m.3 views

CVE-2026-3445

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to unauthorized membership payment bypass in all versions up to, and including, 4.16.11. This is due to a missing ownership verification on...

7.1CVSS5.9AI score0.00228EPSS
Exploits0References3
CVE
CVE
added 2026/04/04 8:25 a.m.18 views

CVE-2026-3445

The CVE-2026-3445 entry documents a vulnerability in the ProfilePress WordPress plugin (Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content) affecting all versions up to 4.16.11. Root cause: missing ownership verification on the change_plan_sub_i...

7.1CVSS5.9AI score0.00228EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:4 p.m.4 views

CVE-2026-3453

The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the changeplansubid parameter in the processcheckout function. The ppressprocesscheckout AJAX handler accepts a...

8.1CVSS5.8AI score0.00379EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/11 2:22 a.m.5 views

CVE-2026-3453

The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the changeplansubid parameter in the processcheckout function. The ppressprocesscheckout AJAX handler accepts a...

8.1CVSS5.8AI score0.00379EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/03/11 2:22 a.m.4 views

CVE-2026-3453 ProfilePress <= 4.16.11 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Subscription Cancellation/Expiration

The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the changeplansubid parameter in the processcheckout function. The ppressprocesscheckout AJAX handler accepts a...

8.1CVSS5.8AI score0.00379EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/11 2:22 a.m.4 views

EUVD-2026-11074

The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the changeplansubid parameter in the processcheckout function. The ppressprocesscheckout AJAX handler accepts a...

8.1CVSS5.8AI score0.00379EPSS
Exploits0References5
CVE
CVE
added 2026/03/11 2:22 a.m.15 views

CVE-2026-3453

Affected software: ProfilePress plugin for WordPress (versions up to and including 4.16.11). Vulnerability details: Insecure Direct Object Reference due to missing ownership validation on the change_plan_sub_id parameter in process_checkout()’s AJAX handler. The handler loads a subscription and c...

8.1CVSS5.8AI score0.00379EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.4 views

PT-2026-24568

Name of the Vulnerable Software and Affected Versions ProfilePress versions prior to 4.16.11 Description The ProfilePress plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This is a result of a lack of ownership validation on the change plan sub id parameter within...

8.1CVSS5.9AI score0.00379EPSS
Exploits0References10
Rows per page
Query Builder