Lucene search
K

403 matches found

Patchstack
Patchstack
added 2024/12/12 6:34 a.m.5 views

WordPress ProfilePress plugin < 4.15.15 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin ProfilePress versions 4.15.15...

4.8CVSS6.1AI score0.0034EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/12/12 6:0 a.m.14 views

CVE-2024-10518 ProfilePress < 4.15.15 - Admin+ Stored XSS

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Membership Plan settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...

5.7AI score0.0034EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/12/12 6:0 a.m.9 views

CVE-2024-10517 ProfilePress < 4.15.15 - Admin+ Stored XSS

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Drag & Drop Builder fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripti...

5.7AI score0.0034EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/12/12 6:0 a.m.22 views

CVE-2024-10518 ProfilePress < 4.15.15 - Admin+ Stored XSS

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Membership Plan settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...

0.0034EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/12/12 6:0 a.m.14 views

CVE-2024-10517 ProfilePress < 4.15.15 - Admin+ Stored XSS

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Drag & Drop Builder fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripti...

0.0034EPSS
Exploits1References1
OSV
OSV
added 2024/12/09 2:15 p.m.4 views

CVE-2023-41953

Missing Authorization vulnerability in ProfilePress Membership Team ProfilePress.This issue affects ProfilePress: from n/a through 4.13.1...

5.3CVSS5.8AI score0.00403EPSS
Exploits0References1
NVD
NVD
added 2024/12/09 2:15 p.m.25 views

CVE-2023-41953

Missing Authorization vulnerability in ProfilePress Membership Team ProfilePress.This issue affects ProfilePress: from n/a through 4.13.1...

5.3CVSS0.00403EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/09 1:16 p.m.19 views

CVE-2023-41953 WordPress ProfilePress plugin <= 4.13.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in ProfilePress Membership Team ProfilePress.This issue affects ProfilePress: from n/a through 4.13.1...

5.3CVSS5.3AI score0.00403EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/09 1:16 p.m.36 views

CVE-2023-41953 WordPress ProfilePress plugin <= 4.13.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in ProfilePress Membership Team ProfilePress.This issue affects ProfilePress: from n/a through 4.13.1...

5.3CVSS0.00403EPSS
Exploits0References1
NVD
NVD
added 2024/12/09 1:15 p.m.13 views

CVE-2023-50882

Missing Authorization vulnerability in properfraction ProfilePress wp-user-avatar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ProfilePress: from n/a through = 4.13.2...

5.3CVSS0.0049EPSS
Exploits0References1
OSV
OSV
added 2024/12/09 1:15 p.m.3 views

CVE-2023-50882

Missing Authorization vulnerability in ProfilePress Membership Team ProfilePress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ProfilePress: from n/a through 4.13.2...

5.3CVSS5.8AI score0.0049EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/09 11:29 a.m.13 views

CVE-2023-50882 WordPress ProfilePress plugin <= 4.13.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in properfraction ProfilePress wp-user-avatar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ProfilePress: from n/a through = 4.13.2...

5.3CVSS0.0049EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/09 11:29 a.m.7 views

CVE-2023-50882 WordPress ProfilePress plugin <= 4.13.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in properfraction ProfilePress wp-user-avatar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ProfilePress: from n/a through = 4.13.2...

5.3CVSS5.1AI score0.0049EPSS
Exploits0References1
CVE
CVE
added 2024/12/09 11:29 a.m.50 views

CVE-2023-50882

CVE-2023-50882 affects the ProfilePress WordPress plugin (wp-user-avatar component). The vulnerability is a Missing Authorization / Broken Access Control issue in ProfilePress versions n/a through 4.13.2, exploitable by unauthenticated users due to incorrectly configured access control. PatchStac...

5.3CVSS5.8AI score0.0049EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/12/09 12:0 a.m.3 views

PT-2024-13989 · Unknown · Profilepress

Name of the Vulnerable Software and Affected Versions: ProfilePress versions n/a through 4.13.2 Description: The issue is related to a Missing Authorization vulnerability in ProfilePress Membership Team, allowing exploitation of incorrectly configured access control security levels...

5.3CVSS6.2AI score0.0049EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/12/09 12:0 a.m.4 views

WordPress plugin ProfilePress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.3CVSS6.6AI score0.0049EPSS
Exploits0References1
NVD
NVD
added 2024/11/27 6:15 a.m.32 views

CVE-2024-11083

The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to...

5.3CVSS0.00399EPSS
Exploits0References2
OSV
OSV
added 2024/11/27 6:15 a.m.3 views

CVE-2024-11083

The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to...

5.3CVSS5.8AI score0.00399EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/27 5:31 a.m.15 views

CVE-2024-11083 ProfilePress <= 4.15.18 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure

The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to...

5.3CVSS5.6AI score0.00399EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/27 5:31 a.m.40 views

CVE-2024-11083 ProfilePress <= 4.15.18 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure

The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to...

5.3CVSS0.00399EPSS
Exploits0References2
Rows per page
Query Builder