Properfraction

Profilepress

39 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2023-41953

  • EPSS 0.33%
  • Veröffentlicht 09.12.2024 14:15:08
  • Zuletzt bearbeitet 09.06.2025 19:29:02

Missing Authorization vulnerability in ProfilePress Membership Team ProfilePress.This issue affects ProfilePress: from n/a through 4.13.1.

5.3

CVE-2023-50882

  • EPSS 0.24%
  • Veröffentlicht 09.12.2024 13:15:38
  • Zuletzt bearbeitet 09.06.2025 19:28:15

Missing Authorization vulnerability in ProfilePress Membership Team ProfilePress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ProfilePress: from n/a through 4.13.2.

5.3

CVE-2024-11083

  • EPSS 0.61%
  • Veröffentlicht 27.11.2024 06:15:17
  • Zuletzt bearbeitet 05.06.2025 17:02:09

The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data ...

9.8

CVE-2024-9947

  • EPSS 0.51%
  • Veröffentlicht 23.10.2024 07:15:04
  • Zuletzt bearbeitet 25.10.2024 16:53:12

The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.11.1. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for u...

5.4

CVE-2024-2861

  • EPSS 0.59%
  • Veröffentlicht 23.05.2024 10:15:09
  • Zuletzt bearbeitet 08.04.2026 18:21:15

The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ProfilePress User Panel widget in all versions up to, and including, 4.15.8 due to insufficient input sanitization and output escaping on user supplied attribu...

8.6

CVE-2023-41954

  • EPSS 16.72%
  • Veröffentlicht 17.05.2024 07:15:59
  • Zuletzt bearbeitet 09.06.2025 20:57:24

Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation.This issue affects ProfilePress: from n/a through 4.13.1.

5.4

CVE-2024-2867

  • EPSS 0.24%
  • Veröffentlicht 02.05.2024 17:15:20
  • Zuletzt bearbeitet 08.04.2026 18:21:15

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including...

5.4

CVE-2024-3210

  • EPSS 0.4%
  • Veröffentlicht 10.04.2024 06:15:07
  • Zuletzt bearbeitet 08.04.2026 19:21:17

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'reg-single-checkbox' shortcode in all versio...

5.4

CVE-2024-1806

  • EPSS 0.26%
  • Veröffentlicht 13.03.2024 16:15:27
  • Zuletzt bearbeitet 08.04.2026 19:20:52

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and inclu...

5.4

CVE-2024-1535

  • EPSS 0.28%
  • Veröffentlicht 13.03.2024 16:15:24
  • Zuletzt bearbeitet 08.04.2026 18:20:42

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and inclu...