Lucene search
+L

5 matches found

redhatcve
redhatcve
added 2025/05/23 9:41 a.m.11 views

CVE-2024-1408

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edit-profile-text-box shortcode in all versions up to, and including, 4.14.4 due to...

6.4CVSS5.8AI score0.00598EPSS
Exploits0References1
circl
circl
added 2024/03/08 2:21 p.m.6 views

CVE-2024-1408

creationtimestamp| type| source ---|---|--- 2024-03-08 14:21:58+00:00| seen| https://t.me/ctinow/203334...

6.4CVSS7.2AI score0.00598EPSS
Exploits0References1
nvd
nvd
added 2024/02/29 1:43 a.m.20 views

CVE-2024-1408

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edit-profile-text-box shortcode in all versions up to, and including, 4.14.4 due to...

6.4CVSS5.7AI score0.00598EPSS
Exploits0References3
cve
cve
added 2024/02/20 6:56 p.m.64 views

CVE-2024-1408

The CVE concerns the WordPress ProfilePress (Paid Membership Plugin) for ProfilePress plugin in WordPress, affected up to version 4.14.4. The vulnerability is a Stored Cross-Site Scripting through the edit-profile-text-box shortcode caused by insufficient input sanitization and output escaping on...

6.4CVSS6AI score0.00598EPSS
Exploits0References3Affected Software1
patchstack
patchstack
added 2024/02/20 12:0 a.m.11 views

WordPress ProfilePress Plugin <= 4.14.4 is vulnerable to Cross Site Scripting (XSS)

Software ProfilePress Type Plugin Vulnerable versions = 4.14.4 Fixed in 4.15.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1408 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e58197c858c8 Credits Arkadiusz Hydzik Required...

6.4CVSS6AI score0.00598EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder