Lucene search
K

4 matches found

OpenVAS
OpenVAS
added 2025/02/05 12:0 a.m.8 views

WordPress ProfilePress Plugin < 4.15.15 Multiple Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:properfraction:profilepress"; if description...

4.8CVSS6.9AI score0.0034EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2024/12/12 6:0 a.m.9 views

CVE-2024-10517 ProfilePress < 4.15.15 - Admin+ Stored XSS

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Drag & Drop Builder fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripti...

5.7AI score0.0034EPSS
Exploits1References1
CVE
CVE
added 2024/12/12 6:0 a.m.61 views

CVE-2024-10517

CVE-2024-10517 affects ProfilePress family (Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content) for WordPress, with vulnerable Drag & Drop Builder fields not sanitised/escaped. Root cause per Red Hat/patch sources: lack of sanitisation/escaping ...

4.8CVSS5.7AI score0.0034EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/12/12 6:0 a.m.13 views

CVE-2024-10517 ProfilePress < 4.15.15 - Admin+ Stored XSS

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Drag & Drop Builder fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripti...

0.0034EPSS
Exploits1References1
Rows per page
Query Builder