4 matches found
WordPress profilepro plugin <= 1.3 - Subscriber+ Stored Cross Site Scripting vulnerability
Subscriber+ Stored Cross Site Scripting vulnerability discovered by Vuln Seeker Cybersecurity Team in WordPress Plugin profilepro versions = 1.3...
CVE-2024-6668 profilepro <= 1.3 - Subscriber+ Stored Cross Site Scripting
The ProfilePro WordPress plugin through 1.3 does not sanitise and escape some parameters and lacks proper access controls, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks...
CVE-2024-6668
The CVE-2024-6668 entry concerns the ProfilePro WordPress plugin (versions 1.3 and earlier). The underlying issue is improper sanitization/escaping of certain parameters and weak access controls, enabling cross-site scripting (XSS) by users with a very low privilege level (subscriber). Affected c...
CVE-2024-6668 profilepro <= 1.3 - Subscriber+ Stored Cross Site Scripting
The ProfilePro WordPress plugin through 1.3 does not sanitise and escape some parameters and lacks proper access controls, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks...