Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
properfraction profilepress vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-34621
A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress WordPress plugin made it possible for users to register on sites as an administrator. This issue affects versions 3.0.0 - 3.1.3. .
Properfraction Profilepress
4 Github repositories
9.8
CVSSv3
CVE-2021-34623
A vulnerability in the image uploader component found in the ~/src/Classes/ImageUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This issue affects versions 3.0.0 - 3.1....
Properfraction Profilepress
9.8
CVSSv3
CVE-2021-34624
A vulnerability in the file uploader component found in the ~/src/Classes/FileUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user registration or during profile updates. This issue affects versions 3.0.0 - 3.1.3....
Properfraction Profilepress
4.8
CVSSv3
CVE-2022-4697
The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wp_user_cover_default_image_url’ parameter in versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authen...
Properfraction Profilepress
4.8
CVSSv3
CVE-2022-4698
The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several form fields in versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-le...
Properfraction Profilepress
4.8
CVSSv3
CVE-2021-24450
The User Registration, User Profiles, Login & Membership – ProfilePress (Formerly WP User Avatar) WordPress plugin prior to 3.1.8 did not sanitise or escape some of its settings before saving them and outputting them back in the page, allowing high privilege users such ...
Properfraction Profilepress
5.4
CVSSv3
CVE-2024-1046
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin 'reg-number-field' shortcode in all versions up to, and i...
Properfraction Profilepress
7.2
CVSSv3
CVE-2022-45083
Deserialization of Untrusted Data vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress.This issue affects Paid Membership Plugin, Ecommerce, User Registration ...
Properfraction Profilepress
8.8
CVSSv3
CVE-2021-34622
A vulnerability in the user profile update component found in the ~/src/Classes/EditUserProfile.php file of the ProfilePress WordPress plugin made it possible for users to escalate their privileges to that of an administrator while editing their profile. This issue affects versio...
Properfraction Profilepress
5.4
CVSSv3
CVE-2023-23820
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin <= 4.5.4 versions.
Properfraction Profilepress
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »