Vulnerabilities > Properfraction > Profilepress > 4.15.0

DATE CVE VULNERABILITY TITLE RISK
2024-05-02 CVE-2024-2867 Cross-site Scripting vulnerability in Properfraction Profilepress
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 4.15.4 due to insufficient input sanitization and output escaping.
network
low complexity
properfraction CWE-79
5.4
5.4
2024-04-10 CVE-2024-3210 Cross-site Scripting vulnerability in Properfraction Profilepress
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'reg-single-checkbox' shortcode in all versions up to, and including, 4.15.5 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
properfraction CWE-79
5.4
5.4
2024-03-13 CVE-2024-1409 Cross-site Scripting vulnerability in Properfraction Profilepress
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [reg-select-role] shortcode in all versions up to, and including, 4.15.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
properfraction CWE-79
5.4
5.4
2024-03-13 CVE-2024-1535 Cross-site Scripting vulnerability in Properfraction Profilepress
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.15.2 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
properfraction CWE-79
5.4
5.4
2024-03-13 CVE-2024-1806 Cross-site Scripting vulnerability in Properfraction Profilepress
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.15.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
properfraction CWE-79
5.4
5.4