Lucene search
K
ProperfractionProfilepress*

28 matches found

CVE
CVE
added 2024/12/09 1:16 p.m.150 views

CVE-2023-41953

CVE-2023-41953 concerns the WordPress plugin ProfilePress (Membership Team) up to version 4.13.1, where a Missing Authorization vulnerability exists. The connected PT-2023-8991 document attributes the issue to a flaw in the admin_notice() path that enables a CSRF attack due to incorrect nonce val...

5.3CVSS5.6AI score0.00403EPSS
CVE
CVE
added 2024/05/23 9:32 a.m.109 views

CVE-2024-2861

CVE-2024-2861 affects the ProfilePress WordPress plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) via the ProfilePress User Panel widget in all versions up to 4.15.8, caused by insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires a...

6.4CVSS5.9AI score0.00287EPSS
CVE
CVE
added 2023/05/03 3:15 p.m.92 views

CVE-2023-23830

CVE-2023-23830 affects the WordPress ProfilePress Plugin (ProfilePress Membership Team ProfilePress) versions

7.1CVSS5.9AI score0.00411EPSS
CVE
CVE
added 2021/08/09 10:4 a.m.90 views

CVE-2021-24522

CVE-2021-24522 affects ProfilePress (formerly WP User Avatar) for WordPress, before version 3.1.11. The tabbed login/register widget is vulnerable to unauthenticated reflected XSS due to improper escaping, with some cases enabling replication via $_GET because $_POST values were mapped to $_GET. ...

6.1CVSS6AI score0.01491EPSS
Web
CVE
CVE
added 2025/02/13 6:0 a.m.83 views

CVE-2024-13120

The CVE-2024-13120 entry concerns the ProfilePress WordPress plugin (Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress) prior to version 4.15.20. Technical details in connected records show the issue is a stored XSS caused by not...

4.8CVSS5.7AI score0.0029EPSS
CVE
CVE
added 2024/05/17 6:54 a.m.81 views

CVE-2023-41954

ProfilePress WordPress plugin

8.6CVSS6.8AI score0.01397EPSS
CVE
CVE
added 2024/03/13 3:27 p.m.76 views

CVE-2024-1806

The CVE-2024-1806 entry concerns the ProfilePress (Paid Membership Plugin) for WordPress. A stored XSS flaw exists in all versions up to 4.15.1 caused by insufficient input sanitization and output escaping on user-supplied attributes within the plugin’s shortcodes. Exploitation requires an attack...

6.4CVSS6AI score0.00563EPSS
CVE
CVE
added 2023/11/30 2:50 p.m.74 views

CVE-2023-44150

CVE-2023-44150 affects ProfilePress (Paid Membership Plugin) for WordPress; versions

7.5CVSS7.7AI score0.00658EPSS
CVE
CVE
added 2024/11/27 5:31 a.m.74 views

CVE-2024-11083

The CVE-2024-11083 entry concerns the ProfilePress WordPress plugin. Affected software: ProfilePress plugin for WordPress, versions up to and including 4.15.18. Vulnerability: unauthenticated access allows sensitive information exposure by abusing WordPress core search to retrieve data from posts...

5.3CVSS5.4AI score0.00399EPSS
CVE
CVE
added 2024/02/20 6:56 p.m.71 views

CVE-2024-1570

Affected software: ProfilePress (WordPress plugin) ≤ 4.14.4. Vulnerability: Stored Cross-Site Scripting via the login-password shortcode caused by insufficient input sanitization and output escaping on user-supplied attributes. Impact: Authenticated attackers with contributor-level permissions (o...

6.4CVSS6AI score0.00483EPSS
CVE
CVE
added 2022/12/23 3:11 p.m.69 views

CVE-2022-4697

The CVE-2022-4697 relates to the WordPress ProfilePress plugin (versions up to 4.5.0). It is a Stored Cross‑Site Scripting vulnerability via the wp_user_cover_default_image_url parameter caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access with...

5.5CVSS4.6AI score0.00679EPSS
CVE
CVE
added 2024/05/02 4:52 p.m.67 views

CVE-2024-2867

CVE-2024-2867: Stored XSS in ProfilePress (Paid Membership Plugin) for WordPress. Affected versions up to 4.15.4 permit authenticated attackers with Contributor+ to inject scripts via the title parameter; scripts run when users visit the injected page. Root cause: insufficient input sanitization ...

6.4CVSS5.8AI score0.00375EPSS
CVE
CVE
added 2025/02/13 6:0 a.m.66 views

CVE-2024-13121

The CVE-2024-13121 entry concerns the WordPress Paid Membership Plugin (and related components) prior to version 4.15.20. The root cause is insufficient sanitisation/escaping of certain plugin settings, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disall...

3.5CVSS5.7AI score0.00296EPSS
CVE
CVE
added 2022/12/23 3:9 p.m.65 views

CVE-2022-4698

The CVE-2022-4698 entry concerns the WordPress ProfilePress plugin. Affected: ProfilePress plugin for WordPress (versions up to and including 4.5.0). Issue: Stored Cross-Site Scripting via several form fields caused by insufficient input sanitization and output escaping. Impact: Authenticated att...

5.5CVSS4.6AI score0.00634EPSS
CVE
CVE
added 2021/08/02 10:32 a.m.64 views

CVE-2021-24450

CVE-2021-24450 affects WordPress ProfilePress (former WP User Avatar) plugin prior to 3.1.8. The vulnerability arises from improper sanitisation/escaping of certain settings when saved or output, enabling an authenticated Stored XSS by high-privilege users (e.g., admins) to inject JavaScript payl...

4.8CVSS4.7AI score0.00652EPSS
CVE
CVE
added 2024/02/20 6:56 p.m.63 views

CVE-2024-1519

CVE-2024-1519 affects the WordPress ProfilePress/Payed Membership Plugin (ProfilePress) up to version 4.14.4. The root cause is stored cross-site scripting via the name parameter due to insufficient input sanitization and output escaping. Exploitation requires an active member listing page using ...

6.5CVSS6.3AI score0.00572EPSS
CVE
CVE
added 2024/02/20 6:56 p.m.62 views

CVE-2024-1408

The CVE concerns the WordPress ProfilePress (Paid Membership Plugin) for ProfilePress plugin in WordPress, affected up to version 4.14.4. The vulnerability is a Stored Cross-Site Scripting through the edit-profile-text-box shortcode caused by insufficient input sanitization and output escaping on...

6.4CVSS6AI score0.00598EPSS
CVE
CVE
added 2024/12/12 6:0 a.m.61 views

CVE-2024-10517

CVE-2024-10517 affects ProfilePress family (Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content) for WordPress, with vulnerable Drag & Drop Builder fields not sanitised/escaped. Root cause per Red Hat/patch sources: lack of sanitisation/escaping ...

4.8CVSS5.7AI score0.0034EPSS
CVE
CVE
added 2024/10/23 6:45 a.m.60 views

CVE-2024-9947

CVE-2024-9947 affects ProfilePress Pro for WordPress. The vulnerability is an authentication bypass in all versions up to 4.11.1 caused by insufficient verification of the user returned by the social login token, enabling unauthenticated attackers to log in as existing users (e.g., administrators...

9.8CVSS9.1AI score0.00514EPSS
CVE
CVE
added 2025/02/13 6:0 a.m.58 views

CVE-2024-13119

CVE-2024-13119 affects the ProfilePress family in WordPress via the Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content suite. The public description confirms that versions prior to 4.15.20 do not sanitize/escape certain settings, enabling Stored...

4.8CVSS5.7AI score0.0033EPSS
CVE
CVE
added 2024/04/10 5:32 a.m.56 views

CVE-2024-3210

CVE-2024-3210 affects the Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress for WordPress. It is a Stored XSS via the reg-single-checkbox shortcode in all versions up to 4.15.5 due to insufficient input sanitization and output es...

6.4CVSS5.7AI score0.00435EPSS
CVE
CVE
added 2023/05/03 12:39 p.m.53 views

CVE-2023-23820

The CVE-2023-23820 entry concerns the WordPress ProfilePress Plugin (Membership Team) versions <= 4.5.4. The vulnerability is a stored XSS that requires authentication (contributors or higher) to exploit. The available documents specify the issue as an Auth. (contributor+) Stored Cross-Site Sc...

6.5CVSS5.3AI score0.00411EPSS
CVE
CVE
added 2024/01/19 2:37 p.m.52 views

CVE-2022-45083

The CVE-2022-45083 entry concerns the ProfilePress Membership Team Paid Membership Plugin for WordPress, with a deserialization of untrusted data vulnerability. Affected components include the ProfilePress: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Rest...

7.2CVSS7AI score0.00577EPSS
CVE
CVE
added 2024/12/12 6:0 a.m.52 views

CVE-2024-10518

CVE-2024-10518 is an Admin+ Stored XSS vulnerability in the WordPress ProfilePress suite (Paid Membership Plugin/Ecommerce/User Registration Form/Login Form/User Profile & Restrict Content) up to version 4.15.15. The issue arises from unsanitized Membership Plan settings, enabling stored XSS by h...

4.8CVSS5.7AI score0.0034EPSS
CVE
CVE
added 2024/03/13 3:26 p.m.52 views

CVE-2024-1535

ProfilePress WordPress plugin (formerly named ProfilePress/Restrict Content) is affected by CVE-2024-1535. According to the sources, versions up to 4.15.2 are vulnerable to stored cross-site scripting via the plugin’s shortcodes due to insufficient input sanitization and output escaping on user-s...

6.4CVSS6AI score0.00573EPSS
CVE
CVE
added 2024/12/09 11:29 a.m.50 views

CVE-2023-50882

CVE-2023-50882 affects the ProfilePress WordPress plugin (wp-user-avatar component). The vulnerability is a Missing Authorization / Broken Access Control issue in ProfilePress versions n/a through 4.13.2, exploitable by unauthenticated users due to incorrectly configured access control. PatchStac...

5.3CVSS5.8AI score0.0049EPSS
CVE
CVE
added 2024/03/13 3:26 p.m.44 views

CVE-2024-1409

CVE-2024-1409 affects the WordPress ProfilePress (Paid Membership Plugin) via the reg-select-role shortcode. The vulnerability is a Stored XSS due to insufficient input sanitization and output escaping on user-supplied attributes in all versions up to 4.15.0. Exploitation requires authenticated a...

6.4CVSS6AI score0.00443EPSS
CVE
CVE
added 2023/04/06 7:46 a.m.41 views

CVE-2023-23996

CVE-2023-23996 affects the WordPress ProfilePress Plugin (ProfilePress Membership Team ProfilePress)

5.9CVSS4.9AI score0.00421EPSS