Lucene search
K

4 matches found

Patchstack
Patchstack
added 2025/05/19 1:42 a.m.5 views

WordPress profilepro plugin <= 1.3 - Subscriber+ Stored Cross Site Scripting vulnerability

Subscriber+ Stored Cross Site Scripting vulnerability discovered by Vuln Seeker Cybersecurity Team in WordPress Plugin profilepro versions = 1.3...

5.4CVSS6.1AI score0.00258EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/15 8:7 p.m.5 views

CVE-2024-6668 profilepro <= 1.3 - Subscriber+ Stored Cross Site Scripting

The ProfilePro WordPress plugin through 1.3 does not sanitise and escape some parameters and lacks proper access controls, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks...

5.5AI score0.00258EPSS
Exploits1References1
CVE
CVE
added 2025/05/15 8:7 p.m.29 views

CVE-2024-6668

The CVE-2024-6668 entry concerns the ProfilePro WordPress plugin (versions 1.3 and earlier). The underlying issue is improper sanitization/escaping of certain parameters and weak access controls, enabling cross-site scripting (XSS) by users with a very low privilege level (subscriber). Affected c...

5.4CVSS6.1AI score0.00258EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/05/15 8:7 p.m.9 views

CVE-2024-6668 profilepro <= 1.3 - Subscriber+ Stored Cross Site Scripting

The ProfilePro WordPress plugin through 1.3 does not sanitise and escape some parameters and lacks proper access controls, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks...

0.00258EPSS
Exploits1References1
Rows per page
Query Builder