Properfraction

Profilepress

39 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2026-3309

  • EPSS 0.04%
  • Veröffentlicht 04.04.2026 11:16:14
  • Zuletzt bearbeitet 07.04.2026 13:20:55

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.11. This is due t...

7.1

CVE-2026-3445

  • EPSS 0.03%
  • Veröffentlicht 04.04.2026 08:25:20
  • Zuletzt bearbeitet 07.04.2026 13:20:55

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to unauthorized membership payment bypass in all versions up to, and including, 4.16.11. This...

8.1

CVE-2026-3453

  • EPSS 0.05%
  • Veröffentlicht 11.03.2026 02:22:46
  • Zuletzt bearbeitet 11.03.2026 13:52:47

The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the change_plan_sub_id parameter in the process_checkout() function....

5.4

CVE-2025-13642

  • EPSS 0.08%
  • Veröffentlicht 09.12.2025 15:23:48
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.7 due to insuffic...

6.5

CVE-2025-8878

  • EPSS 0.45%
  • Veröffentlicht 16.08.2025 11:11:24
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.4. This is du...

3.5

CVE-2024-13121

Exploit
  • EPSS 0.35%
  • Veröffentlicht 13.02.2025 06:15:21
  • Zuletzt bearbeitet 21.05.2025 18:56:21

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to per...

4.8

CVE-2024-13120

Exploit
  • EPSS 0.35%
  • Veröffentlicht 13.02.2025 06:15:20
  • Zuletzt bearbeitet 21.05.2025 18:57:54

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to per...

4.8

CVE-2024-13119

Exploit
  • EPSS 0.35%
  • Veröffentlicht 13.02.2025 06:15:20
  • Zuletzt bearbeitet 21.05.2025 19:00:15

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to per...

4.8

CVE-2024-10517

Exploit
  • EPSS 0.47%
  • Veröffentlicht 12.12.2024 06:15:20
  • Zuletzt bearbeitet 17.05.2025 02:28:18

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Drag & Drop Builder fields, which could allow high privilege users su...

4.8

CVE-2024-10518

Exploit
  • EPSS 0.47%
  • Veröffentlicht 12.12.2024 06:15:20
  • Zuletzt bearbeitet 17.05.2025 02:28:54

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Membership Plan settings, which could allow high privilege users such...