3 matches found
WordPress ProfilePress Plugin < 3.2.3 Multiple Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:properfraction:profilepress"; if description...
CVE-2021-24955
The CVE-2021-24955 entry concerns the ProfilePress WordPress plugin (before 3.2.3). It describes a Reflected Cross-Site Scripting vulnerability where the data parameter of the pp_get_forms_by_builder_type AJAX action is not escaped before being output in an attribute, enabling XSS. The issue affe...
CVE-2021-24955 ProfilePress < 3.2.3 - Reflected Cross-Site Scripting
The User Registration, Login Form, User Profile & Membership WordPress plugin before 3.2.3 does not escape the data parameter of the ppgetformsbybuildertype AJAX action before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue...