5 matches found
WordPress ProfilePress Plugin 3.0.0 < 3.1.4 Multiple Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:properfraction:profilepress"; if description...
CVE-2021-34622 ProfilePress 3.0 - 3.1.3 - Authenticated Privilege Escalation
A vulnerability in the user profile update component found in the /src/Classes/EditUserProfile.php file of the ProfilePress WordPress plugin made it possible for users to escalate their privileges to that of an administrator while editing their profile. This issue affects versions 3.0.0 - 3.1.3...
CVE-2021-34622 ProfilePress 3.0 - 3.1.3 - Authenticated Privilege Escalation
A vulnerability in the user profile update component found in the /src/Classes/EditUserProfile.php file of the ProfilePress WordPress plugin made it possible for users to escalate their privileges to that of an administrator while editing their profile. This issue affects versions 3.0.0 - 3.1.3...
CVE-2021-34622
ProfilePress for WordPress (plugin) versions 3.0.0–3.1.3 contain a privilege-escalation flaw in the user profile update flow (EditUserProfile.php) that allows authenticated users to elevate to administrator by supplying arbitrary usermeta (notably wp_capabilities). Affected products: ProfilePress...
ProfilePress Plugin for WordPress 3.x < 3.1.4 Multiple Vulnerabilities
The WordPress ProfilePress Plugin installed on the remote host is affected by multiple vulnerabilities : - An unauthenticated privilege escalation exists when supplying wpcapabilties as an array parameter while registering. CVE-2021-34621 - An authenticated privilege escalation exists within the...