Vulnerabilities > Profilepress > User Registration Login Form User Profile Membership > 3.2.2

DATE	CVE	VULNERABILITY TITLE	RISK
2021-12-13	CVE-2021-24954	Unspecified vulnerability in Profilepress User Registration, Login Form, User Profile & Membership 3.2.2 The User Registration, Login Form, User Profile & Membership WordPress plugin before 3.2.3 does not sanitise and escape the ppress_cc_data parameter before outputting it back in an attribute of an admin dashboard page, leading to a Reflected Cross-Site Scripting issue network low complexity profilepress	6.1
2021-12-13	CVE-2021-24955	Unspecified vulnerability in Profilepress User Registration, Login Form, User Profile & Membership 3.2.2 The User Registration, Login Form, User Profile & Membership WordPress plugin before 3.2.3 does not escape the data parameter of the pp_get_forms_by_builder_type AJAX action before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue network low complexity profilepress	6.1

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.