105 matches found
CVE-2024-32518
Missing Authorization vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice. This issue affects PeproDev Ultimate Invoice: from n/a through 2.0.0...
CVE-2024-49298
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice pepro-ultimate-invoice allows Stored XSS. This issue affects PeproDev Ultimate Invoice: from n/a through <= 2.0.6...
CVE-2024-8873
The PeproDev WooCommerce Receipt Uploader plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.6.9. This makes it possible for unauthenticated attackers to inject arbitrar...
CVE-2023-41864
Cross-Site Request Forgery (CSRF) vulnerability in Pepro Dev. Group PeproDev CF7 Database. This issue affects PeproDev CF7 Database: from n/a through 1.8.0...
CVE-2025-3844
The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to Authentication Bypass in versions 1.9.1 to 7.5.2. This is due to the handel_ajax_req function not having proper restrictions on the changeusermeta functionality, which makes it possible to set an OTP code and subsequently log in...
CVE-2025-3924
The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized access of data via its publicly exposed reset-password endpoint. The plugin looks up the 'validemail' value based solely on a supplied username parameter, without verifying that the requester is associated...
CVE-2025-3921 PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Missing Authorization to Limited Unauthenticated Arbitrary User Meta Update via handel_ajax_req Function
The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handel_ajax_req function in versions 1.9.1 to 7.5.2. This makes it possible for unauthenticated attackers to update arbitrary user's metadata whic...
CVE-2025-3921
CVE-2025-3921 affects PeproDev Ultimate Profile Solutions (WordPress). The vulnerability is due to a missing capability check in handel_ajax_req(), allowing unauthenticated attackers to modify arbitrary user metadata in versions 1.9.1–7.5.2. Reported impact includes potential admin access disrupt...
CVE-2025-3844 PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Authentication Bypass to Account Takeover
The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to Authentication Bypass in versions 1.9.1 to 7.5.2. This is due to the handel_ajax_req function not having proper restrictions on the changeusermeta functionality, which makes it possible to set an OTP code and subsequently log in...
CVE-2025-3924 PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Missing Authorization to Unauthenticated Email Enumeration
The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized access of data via its publicly exposed reset-password endpoint. The plugin looks up the 'validemail' value based solely on a supplied username parameter, without verifying that the requester is associated...
CVE-2025-3924
CVE-2025-3924 concerns the WordPress plugin PeproDev Ultimate Profile Solutions (versions 1.9.1 through 7.5.2) and describes an endpoint exposed for password reset that returns the candidate email based only on a supplied username. The result is unauthenticated email enumeration, potentially expo...
WordPress plugin PeproDev Ultimate Profile Solutions authorization issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. An authorization issue vulnerabilit...
WordPress plugin PeproDev Ultimate Profile Solutions security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2025-19911 · WordPress · Peprodev Ultimate Profile Solutions
Name of the Vulnerable Software and Affected Versions: PeproDev Ultimate Profile Solutions plugin for WordPress versions 1.9.1 through 7.5.2. Description: The issue allows unauthorized modification of data due to a missing capability check on the handel_ajax_req function. This enables...
PT-2025-19906 · Peprodev · Peprodev Ultimate Profile Solutions
Name of the Vulnerable Software and Affected Versions: PeproDev Ultimate Profile Solutions versions 1.9.1 through 7.5.2. Description: The issue is related to the lack of proper authentication in the handel_ajax_req function, specifically with the change user meta functionality. This allows attacke...
PT-2025-19912 · WordPress · Peprodev Ultimate Profile Solutions
Name of the Vulnerable Software and Affected Versions: PeproDev Ultimate Profile Solutions plugin for WordPress (affected versions not specified). Description: The issue allows unauthorized access to data via a publicly exposed reset-password endpoint. The plugin looks up the valid email value based...
WordPress plugin PeproDev Ultimate Profile Solutions authorization issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. An authorization issue...
WordPress PeproDev Ultimate Profile Solutions 1.9.1-7.5.2 plugin - Authentication Bypass to Account Takeover
Authentication Bypass to Account Takeover vulnerability discovered by kr0d in WordPress Plugin PeproDev Ultimate Profile Solutions versions 1.9.1-7.5.2...