WordPress Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content - ProfilePress plugin <= 4.16.11 - Unauthenticated Arbitrary Shortcode Execution via Checkout Billing Fields vulnerability

WordPress Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content - ProfilePress plugin = 4.16.11 - Unauthenticated Arbitrary Shortcode Execution via Checkout Billing Fields vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPres...

EUVD-2024-17163

Malicious code in bioql PyPI...

EUVD-2023-46413

Malicious code in bioql PyPI...

EUVD-2023-55615

Malicious code in bioql PyPI...

CVE-2024-1570

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's login-password shortcode in all versions up to, and including, 4.14.4 due to insufficient...

CVE-2023-41954

Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation.This issue affects ProfilePress: from n/a through 4.13.1...

CVE-2024-10518 ProfilePress < 4.15.15 - Admin+ Stored XSS

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Membership Plan settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...

CVE-2023-41953

Missing Authorization vulnerability in ProfilePress Membership Team ProfilePress.This issue affects ProfilePress: from n/a through 4.13.1...

CVE-2023-50882

Missing Authorization vulnerability in ProfilePress Membership Team ProfilePress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ProfilePress: from n/a through 4.13.2...

PT-2024-13989 · Unknown · Profilepress

Name of the Vulnerable Software and Affected Versions: ProfilePress versions n/a through 4.13.2 Description: The issue is related to a Missing Authorization vulnerability in ProfilePress Membership Team, allowing exploitation of incorrectly configured access control security levels...

WordPress plugin ProfilePress 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

WordPress ProfilePress plugin <= 4.15.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin ProfilePress versions = 4.15.4...

WordPress plugin ProfilePress 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2023-8991 · Unknown · Profilepress

Name of the Vulnerable Software and Affected Versions: ProfilePress versions through 4.13.1 Description: The issue is related to a Missing Authorization vulnerability in the ProfilePress Membership Team plugin for WordPress. This vulnerability is associated with a function named admin notice and ...