Properfraction

Profilepress

36 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2024-9947

  • EPSS 0.38%
  • Veröffentlicht 23.10.2024 07:15:04
  • Zuletzt bearbeitet 25.10.2024 16:53:12

The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.11.1. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for u...

5.4

CVE-2024-2861

  • EPSS 0.59%
  • Veröffentlicht 23.05.2024 10:15:09
  • Zuletzt bearbeitet 05.06.2025 20:42:23

The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ProfilePress User Panel widget in all versions up to, and including, 4.15.8 due to insufficient input sanitization and output escaping on user supplied attribu...

8.6

CVE-2023-41954

  • EPSS 16.72%
  • Veröffentlicht 17.05.2024 07:15:59
  • Zuletzt bearbeitet 09.06.2025 20:57:24

Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation.This issue affects ProfilePress: from n/a through 4.13.1.

5.4

CVE-2024-2867

  • EPSS 0.24%
  • Veröffentlicht 02.05.2024 17:15:20
  • Zuletzt bearbeitet 03.02.2025 21:31:46

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including...

5.4

CVE-2024-3210

  • EPSS 0.4%
  • Veröffentlicht 10.04.2024 06:15:07
  • Zuletzt bearbeitet 23.01.2025 16:03:20

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'reg-single-checkbox' shortcode in all versio...

5.4

CVE-2024-1806

  • EPSS 0.26%
  • Veröffentlicht 13.03.2024 16:15:27
  • Zuletzt bearbeitet 23.01.2025 19:51:58

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and inclu...

5.4

CVE-2024-1535

  • EPSS 0.28%
  • Veröffentlicht 13.03.2024 16:15:24
  • Zuletzt bearbeitet 22.01.2025 20:53:46

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and inclu...

5.4

CVE-2024-1409

  • EPSS 0.27%
  • Veröffentlicht 13.03.2024 16:15:21
  • Zuletzt bearbeitet 23.01.2025 19:51:13

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [reg-select-role] shortcode in all versions u...

5.4

CVE-2024-1570

  • EPSS 0.24%
  • Veröffentlicht 29.02.2024 01:43:52
  • Zuletzt bearbeitet 22.01.2025 16:31:46

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's login-password shortcode in all versions up t...

6.1

CVE-2024-1519

  • EPSS 1.66%
  • Veröffentlicht 29.02.2024 01:43:52
  • Zuletzt bearbeitet 22.01.2025 16:38:11

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including,...