10 matches found
CVE-2024-6668
The ProfilePro WordPress plugin through 1.3 does not sanitise and escape some parameters and lacks proper access controls, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks...
CVE-2024-6668
The ProfilePro WordPress plugin through 1.3 does not sanitise and escape some parameters and lacks proper access controls, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks...
CVE-2024-6668
The ProfilePro WordPress plugin through 1.3 does not sanitise and escape some parameters and lacks proper access controls, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks...
CVE-2024-6668 profilepro <= 1.3 - Subscriber+ Stored Cross Site Scripting
The ProfilePro WordPress plugin through 1.3 does not sanitise and escape some parameters and lacks proper access controls, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks...
CVE-2024-6668 profilepro <= 1.3 - Subscriber+ Stored Cross Site Scripting
The ProfilePro WordPress plugin through 1.3 does not sanitise and escape some parameters and lacks proper access controls, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks...
CVE-2024-6668
The CVE-2024-6668 entry concerns the ProfilePro WordPress plugin (versions 1.3 and earlier). The underlying issue is improper sanitization/escaping of certain parameters and weak access controls, enabling cross-site scripting (XSS) by users with a very low privilege level (subscriber). Affected c...
WordPress plugin ProfilePro 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2025-21487 · WordPress · Profilepro
Name of the Vulnerable Software and Affected Versions: ProfilePro WordPress plugin versions 1.3 and earlier Description: The issue concerns a lack of proper sanitization and escaping of certain parameters, combined with inadequate access controls. This could potentially allow users with a role as...
WordPress Profilepro 1.3 Cross Site Scripting Vulnerability
Exploit Title: profilepro if !response.ok throw new Error'Network response was not ok'; return response.text; .thendata = console.logdata .catcherror = console.error'Error:', error; - As an admin, go to http://example.com/wp-admin/edit.php?posttype=profileproform - Choose the default profile, cli...
WordPress Profilepro 1.3 Cross Site Scripting
Exploit Title: profilepro if !response.ok throw new Error'Network response was not ok'; return response.text; .thendata = console.logdata .catcherror = console.error'Error:', error; - As an admin, go to http://example.com/wp-admin/edit.php?posttype=profileproform - Choose the default profile, cli...