Vulnerabilities > Properfraction > Profilepress

DATE CVE VULNERABILITY TITLE RISK
2024-10-23 CVE-2024-9947 Improper Authentication vulnerability in Properfraction Profilepress
The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.11.1.
network
low complexity
properfraction CWE-287
critical
 9.8
9.8
2024-05-02 CVE-2024-2867 Cross-site Scripting vulnerability in Properfraction Profilepress
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 4.15.4 due to insufficient input sanitization and output escaping.
network
low complexity
properfraction CWE-79
5.4
5.4
2024-04-10 CVE-2024-3210 Cross-site Scripting vulnerability in Properfraction Profilepress
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'reg-single-checkbox' shortcode in all versions up to, and including, 4.15.5 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
properfraction CWE-79
5.4
5.4
2024-03-13 CVE-2024-1409 Cross-site Scripting vulnerability in Properfraction Profilepress
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [reg-select-role] shortcode in all versions up to, and including, 4.15.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
properfraction CWE-79
5.4
5.4
2024-03-13 CVE-2024-1535 Cross-site Scripting vulnerability in Properfraction Profilepress
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.15.2 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
properfraction CWE-79
5.4
5.4
2024-03-13 CVE-2024-1806 Cross-site Scripting vulnerability in Properfraction Profilepress
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.15.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
properfraction CWE-79
5.4
5.4
2024-02-29 CVE-2024-1408 Cross-site Scripting vulnerability in Properfraction Profilepress
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edit-profile-text-box shortcode in all versions up to, and including, 4.14.4 due to insufficient input sanitization and output escaping on user supplied attributes such as 'type'.
network
low complexity
properfraction CWE-79
5.4
5.4
2024-02-29 CVE-2024-1519 Cross-site Scripting vulnerability in Properfraction Profilepress
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 4.14.4 due to insufficient input sanitization and output escaping.
network
low complexity
properfraction CWE-79
6.1
6.1
2024-02-29 CVE-2024-1570 Cross-site Scripting vulnerability in Properfraction Profilepress
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's login-password shortcode in all versions up to, and including, 4.14.4 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
properfraction CWE-79
5.4
5.4
2024-02-05 CVE-2024-1046 Cross-site Scripting vulnerability in Properfraction Profilepress
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin 'reg-number-field' shortcode in all versions up to, and including, 4.14.3 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
properfraction CWE-79
5.4
5.4