3 matches found
CVE-2024-1409
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's reg-select-role shortcode in all versions up to, and including, 4.15.0 due to insufficient...
CVE-2024-1409
CVE-2024-1409 affects the WordPress ProfilePress (Paid Membership Plugin) via the reg-select-role shortcode. The vulnerability is a Stored XSS due to insufficient input sanitization and output escaping on user-supplied attributes in all versions up to 4.15.0. Exploitation requires authenticated a...
WordPress ProfilePress Plugin <= 4.15.0 is vulnerable to Cross Site Scripting (XSS)
Software ProfilePress Type Plugin Vulnerable versions = 4.15.0 Fixed in 4.15.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1409 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ed81354d54ab Credits Ngô Thiên An ancorn...