Lucene search
+L

5 matches found

OpenVAS
OpenVAS
added 2021/09/28 12:0 a.m.29 views

WordPress ProfilePress Plugin 3.0.0 < 3.1.4 Multiple Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:properfraction:profilepress"; if description...

9.8CVSS9.3AI score0.68862EPSS
Exploits14References1
Vulnrichment
Vulnrichment
added 2021/07/07 12:20 p.m.13 views

CVE-2021-34622 ProfilePress 3.0 - 3.1.3 - Authenticated Privilege Escalation

A vulnerability in the user profile update component found in the /src/Classes/EditUserProfile.php file of the ProfilePress WordPress plugin made it possible for users to escalate their privileges to that of an administrator while editing their profile. This issue affects versions 3.0.0 - 3.1.3...

9.8CVSS9.5AI score0.0412EPSS
Exploits2References1
Cvelist
Cvelist
added 2021/07/07 12:20 p.m.36 views

CVE-2021-34622 ProfilePress 3.0 - 3.1.3 - Authenticated Privilege Escalation

A vulnerability in the user profile update component found in the /src/Classes/EditUserProfile.php file of the ProfilePress WordPress plugin made it possible for users to escalate their privileges to that of an administrator while editing their profile. This issue affects versions 3.0.0 - 3.1.3...

9.8CVSS9.8AI score0.0412EPSS
Exploits2References1
CVE
CVE
added 2021/07/07 12:20 p.m.103 views

CVE-2021-34622

ProfilePress for WordPress (plugin) versions 3.0.0–3.1.3 contain a privilege-escalation flaw in the user profile update flow (EditUserProfile.php) that allows authenticated users to elevate to administrator by supplying arbitrary usermeta (notably wp_capabilities). Affected products: ProfilePress...

9.8CVSS8.7AI score0.0412EPSS
Exploits2References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/07/05 12:0 a.m.33 views

ProfilePress Plugin for WordPress 3.x < 3.1.4 Multiple Vulnerabilities

The WordPress ProfilePress Plugin installed on the remote host is affected by multiple vulnerabilities : - An unauthenticated privilege escalation exists when supplying wpcapabilties as an array parameter while registering. CVE-2021-34621 - An authenticated privilege escalation exists within the...

9.8CVSS9.9AI score0.68862EPSS
Exploits14References6
Rows per page
Query Builder