CVE-2024-1570

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's login-password shortcode in all versions up to, and including, 4.14.4 due to insufficient...

PT-2024-18140 · WordPress · Profilepress

Name of the Vulnerable Software and Affected Versions: ProfilePress plugin for WordPress versions up to, and including, 4.14.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's login-password shortcode due to insufficient input sanitization and output escaping on...