Vulnerabilities > Properfraction

DATE CVE VULNERABILITY TITLE RISK
2024-10-23 CVE-2024-9947 Improper Authentication vulnerability in Properfraction Profilepress
The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.11.1.
network
low complexity
properfraction CWE-287
critical
9.8
2024-02-05 CVE-2024-1046 Cross-site Scripting vulnerability in Properfraction Profilepress
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin 'reg-number-field' shortcode in all versions up to, and including, 4.14.3 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
properfraction CWE-79
5.4
2024-01-19 CVE-2022-45083 Deserialization of Untrusted Data vulnerability in Properfraction Profilepress
Deserialization of Untrusted Data vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress.This issue affects Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress: from n/a through 4.3.2.
network
low complexity
properfraction CWE-502
7.2
2023-11-30 CVE-2023-44150 Unspecified vulnerability in Properfraction Profilepress
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress.This issue affects Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress: from n/a through 4.13.2.
network
low complexity
properfraction
7.5
2023-11-06 CVE-2023-47184 Cross-site Scripting vulnerability in Properfraction Admin BAR & Dashboard Access Control
Auth.
network
low complexity
properfraction CWE-79
4.8
2023-05-03 CVE-2023-23830 Cross-site Scripting vulnerability in Properfraction Profilepress
Unauth.
network
low complexity
properfraction CWE-79
6.1
2023-05-03 CVE-2023-23820 Cross-site Scripting vulnerability in Properfraction Profilepress
Auth.
network
low complexity
properfraction CWE-79
5.4
2023-04-06 CVE-2023-23996 Cross-site Scripting vulnerability in Properfraction Profilepress
Auth.
network
low complexity
properfraction CWE-79
4.8
2023-03-29 CVE-2022-47444 Cross-site Scripting vulnerability in Properfraction Profilepress
Unauth.
network
low complexity
properfraction CWE-79
6.1
2022-12-23 CVE-2022-4697 Unspecified vulnerability in Properfraction Profilepress
The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wp_user_cover_default_image_url’ parameter in versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping.
network
low complexity
properfraction
4.8