CVE-2026-3445 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.11 - Missing Authorization to Authenticated (Subscriber+) Membership Payment Bypass

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to unauthorized membership payment bypass in all versions up to, and including, 4.16.11. This is due to a missing ownership verification on...

EUVD-2021-11072

Malware in sbrugna...

EUVD-2022-48004

Malicious code in bioql PyPI...

CVE-2022-45083

Deserialization of Untrusted Data vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress.This issue affects Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User...

CVE-2024-13120

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even wh...

CVE-2024-10518

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Membership Plan settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...

CVE-2024-3210

CVE-2024-3210 affects the Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress for WordPress. It is a Stored XSS via the reg-single-checkbox shortcode in all versions up to 4.15.5 due to insufficient input sanitization and output es...

CVE-2024-3210 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'reg-single-checkbox'

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'reg-single-checkbox' shortcode in all versions up to, and including, 4.15.5 due to...

CVE-2024-1535

ProfilePress WordPress plugin (formerly named ProfilePress/Restrict Content) is affected by CVE-2024-1535. According to the sources, versions up to 4.15.2 are vulnerable to stored cross-site scripting via the plugin’s shortcodes due to insufficient input sanitization and output escaping on user-s...

CVE-2024-1408

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edit-profile-text-box shortcode in all versions up to, and including, 4.14.4 due to...

CVE-2024-1570

Affected software: ProfilePress (WordPress plugin) ≤ 4.14.4. Vulnerability: Stored Cross-Site Scripting via the login-password shortcode caused by insufficient input sanitization and output escaping on user-supplied attributes. Impact: Authenticated attackers with contributor-level permissions (o...

CVE-2024-1519 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.14.4 - Unauthenticated Stored Cross-Site Scripting

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 4.14.4 due to insufficient input sanitization...

CVE-2022-45083

Deserialization of Untrusted Data vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress.This issue affects Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User...

CVE-2022-45083

The CVE-2022-45083 entry concerns the ProfilePress Membership Team Paid Membership Plugin for WordPress, with a deserialization of untrusted data vulnerability. Affected components include the ProfilePress: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Rest...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Uncanny Groups for LearnDash before v3.7 allow authenticated remote attackers to inject arbitrary JavaScript or HTML via the ulgmcoderedeem POST Parameter in user-code-redemption.php, the ulgmuserfirst POST Parameter in...

PHP-Nuke 5.0 - user.php Form Element Substitution

PHP-Nuke 5.0 - user.php Form Element Substitution source: https://www.securityfocus.com/bid/3107/info PHP-Nuke is a website creation/maintenance tool written in PHP3. If a malicious user may subtitute arbitrary values for image form elements in the PHP-Nuke User Registration Form by saving the...