4 matches found
WordPress ProfilePress Plugin < 4.15.15 Multiple Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:properfraction:profilepress"; if description...
CVE-2024-10517 ProfilePress < 4.15.15 - Admin+ Stored XSS
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Drag & Drop Builder fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripti...
CVE-2024-10517
CVE-2024-10517 affects ProfilePress family (Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content) for WordPress, with vulnerable Drag & Drop Builder fields not sanitised/escaped. Root cause per Red Hat/patch sources: lack of sanitisation/escaping ...
CVE-2024-10517 ProfilePress < 4.15.15 - Admin+ Stored XSS
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Drag & Drop Builder fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripti...