3 matches found
WordPress ProfilePress Plugin < 4.14.4 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:properfraction:profilepress"; if description...
CVE-2024-1046
ProfilePress for WordPress (WordPress plugin) is affected by CVE-2024-1046: stored cross-site scripting via the reg-number-field shortcode. The vulnerability exists in all versions up to and including 4.14.3 due to insufficient input sanitization and output escaping on user-supplied attributes. A...
WordPress ProfilePress Plugin <= 4.14.3 is vulnerable to Cross Site Scripting (XSS)
Software ProfilePress Type Plugin Vulnerable versions = 4.14.3 Fixed in 4.14.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1046 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 32548a65a82c Credits Ngô Thiên An ancorn...