Lucene search
K

403 matches found

Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.8 views

PT-2026-33181

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.16.12. This is due to the 'process checkout' function not properly enforcin...

4.3CVSS5.9AI score0.00316EPSS
Exploits0References10
Patchstack
Patchstack
added 2026/04/07 11:12 a.m.3 views

WordPress Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content - ProfilePress plugin <= 4.16.11 - Unauthenticated Arbitrary Shortcode Execution via Checkout Billing Fields vulnerability

WordPress Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content - ProfilePress plugin = 4.16.11 - Unauthenticated Arbitrary Shortcode Execution via Checkout Billing Fields vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPres...

6.5CVSS5.9AI score0.00407EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/04 11:16 a.m.23 views

CVE-2026-3309 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.11 - Unauthenticated Arbitrary Shortcode Execution via Checkout Billing Fields

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.11. This is due to the plugin allowing user-supplied billing fie...

6.5CVSS0.00407EPSS
Exploits0References2
CVE
CVE
added 2026/04/04 11:16 a.m.16 views

CVE-2026-3309

This CVE (CVE-2026-3309) concerns the ProfilePress plugin for WordPress (Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content) affected up to version 4.16.11. The issue enables unauthenticated attackers to perform arbitrary shortcode execution via...

6.5CVSS6.2AI score0.00407EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/04 9:30 a.m.8 views

EUVD-2026-18987

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to unauthorized membership payment bypass in all versions up to, and including, 4.16.11. This is due to a missing ownership verification on...

7.1CVSS5.9AI score0.00228EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/04 8:25 a.m.29 views

CVE-2026-3445 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.11 - Missing Authorization to Authenticated (Subscriber+) Membership Payment Bypass

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to unauthorized membership payment bypass in all versions up to, and including, 4.16.11. This is due to a missing ownership verification on...

7.1CVSS0.00228EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/04 8:25 a.m.8 views

CVE-2026-3445 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.11 - Missing Authorization to Authenticated (Subscriber+) Membership Payment Bypass

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to unauthorized membership payment bypass in all versions up to, and including, 4.16.11. This is due to a missing ownership verification on...

7.1CVSS5.9AI score0.00228EPSS
Exploits0References2
CVE
CVE
added 2026/04/04 8:25 a.m.18 views

CVE-2026-3445

The CVE-2026-3445 entry documents a vulnerability in the ProfilePress WordPress plugin (Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content) affecting all versions up to 4.16.11. Root cause: missing ownership verification on the change_plan_sub_i...

7.1CVSS5.9AI score0.00228EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/04 12:0 a.m.10 views

WordPress plugin Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.5CVSS6.1AI score0.00407EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/04 12:0 a.m.7 views

WordPress plugin Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

7.1CVSS5.8AI score0.00228EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:4 p.m.4 views

CVE-2026-3453

The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the changeplansubid parameter in the processcheckout function. The ppressprocesscheckout AJAX handler accepts a...

8.1CVSS5.8AI score0.00379EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/11 7:19 a.m.6 views

WordPress ProfilePress plugin <= 4.16.11 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Subscription Cancellation/Expiration vulnerability

Insecure Direct Object Reference to Authenticated Subscriber+ Arbitrary Subscription Cancellation/Expiration vulnerability discovered by kai63001 in WordPress Plugin ProfilePress versions = 4.16.11...

8.1CVSS5.8AI score0.00379EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/03/11 3:15 a.m.7 views

CVE-2026-3453

The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the changeplansubid parameter in the processcheckout function. The ppressprocesscheckout AJAX handler accepts a...

8.1CVSS0.00379EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/11 2:22 a.m.28 views

CVE-2026-3453 ProfilePress <= 4.16.11 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Subscription Cancellation/Expiration

The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the changeplansubid parameter in the processcheckout function. The ppressprocesscheckout AJAX handler accepts a...

8.1CVSS0.00379EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/11 2:22 a.m.5 views

CVE-2026-3453

The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the changeplansubid parameter in the processcheckout function. The ppressprocesscheckout AJAX handler accepts a...

8.1CVSS5.8AI score0.00379EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/03/11 2:22 a.m.4 views

CVE-2026-3453 ProfilePress <= 4.16.11 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Subscription Cancellation/Expiration

The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the changeplansubid parameter in the processcheckout function. The ppressprocesscheckout AJAX handler accepts a...

8.1CVSS5.8AI score0.00379EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/11 2:22 a.m.4 views

EUVD-2026-11074

The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the changeplansubid parameter in the processcheckout function. The ppressprocesscheckout AJAX handler accepts a...

8.1CVSS5.8AI score0.00379EPSS
Exploits0References5
CVE
CVE
added 2026/03/11 2:22 a.m.15 views

CVE-2026-3453

Affected software: ProfilePress plugin for WordPress (versions up to and including 4.16.11). Vulnerability details: Insecure Direct Object Reference due to missing ownership validation on the change_plan_sub_id parameter in process_checkout()’s AJAX handler. The handler loads a subscription and c...

8.1CVSS5.8AI score0.00379EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.4 views

PT-2026-24568

Name of the Vulnerable Software and Affected Versions ProfilePress versions prior to 4.16.11 Description The ProfilePress plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This is a result of a lack of ownership validation on the change plan sub id parameter within...

8.1CVSS5.9AI score0.00379EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.16 views

WordPress plugin ProfilePress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.1CVSS5.8AI score0.00379EPSS
Exploits0References5
Rows per page
Query Builder