3 matches found
CVE-2024-1570
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's login-password shortcode in all versions up to, and including, 4.14.4 due to insufficient...
CVE-2024-1570
Affected software: ProfilePress (WordPress plugin) ≤ 4.14.4. Vulnerability: Stored Cross-Site Scripting via the login-password shortcode caused by insufficient input sanitization and output escaping on user-supplied attributes. Impact: Authenticated attackers with contributor-level permissions (o...
WordPress ProfilePress Plugin <= 4.14.4 is vulnerable to Cross Site Scripting (XSS)
Software ProfilePress Type Plugin Vulnerable versions = 4.14.4 Fixed in 4.15.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1570 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ebc427c2e4de Credits Arkadiusz Hydzik Required...