Vulnerabilities > Properfraction > Profilepress > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-05-02 CVE-2024-2867 Cross-site Scripting vulnerability in Properfraction Profilepress
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 4.15.4 due to insufficient input sanitization and output escaping.
network
low complexity
properfraction CWE-79
5.4
5.4
2024-04-10 CVE-2024-3210 Cross-site Scripting vulnerability in Properfraction Profilepress
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'reg-single-checkbox' shortcode in all versions up to, and including, 4.15.5 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
properfraction CWE-79
5.4
5.4
2024-03-13 CVE-2024-1409 Cross-site Scripting vulnerability in Properfraction Profilepress
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [reg-select-role] shortcode in all versions up to, and including, 4.15.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
properfraction CWE-79
5.4
5.4
2024-03-13 CVE-2024-1535 Cross-site Scripting vulnerability in Properfraction Profilepress
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.15.2 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
properfraction CWE-79
5.4
5.4
2024-03-13 CVE-2024-1806 Cross-site Scripting vulnerability in Properfraction Profilepress
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.15.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
properfraction CWE-79
5.4
5.4
2024-02-29 CVE-2024-1408 Cross-site Scripting vulnerability in Properfraction Profilepress
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edit-profile-text-box shortcode in all versions up to, and including, 4.14.4 due to insufficient input sanitization and output escaping on user supplied attributes such as 'type'.
network
low complexity
properfraction CWE-79
5.4
5.4
2024-02-29 CVE-2024-1519 Cross-site Scripting vulnerability in Properfraction Profilepress
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 4.14.4 due to insufficient input sanitization and output escaping.
network
low complexity
properfraction CWE-79
6.1
6.1
2024-02-29 CVE-2024-1570 Cross-site Scripting vulnerability in Properfraction Profilepress
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's login-password shortcode in all versions up to, and including, 4.14.4 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
properfraction CWE-79
5.4
5.4
2024-02-05 CVE-2024-1046 Cross-site Scripting vulnerability in Properfraction Profilepress
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin 'reg-number-field' shortcode in all versions up to, and including, 4.14.3 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
properfraction CWE-79
5.4
5.4
2023-05-03 CVE-2023-23830 Unspecified vulnerability in Properfraction Profilepress
Unauth.
network
low complexity
properfraction
6.1
6.1