VYPR

Profilepress

by Properfraction

CVEs (22)

  • CVE-2023-44150HigNov 30, 2023
    risk 0.49cvss 7.5epss 0.01

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress.This issue affects Paid Membership Plugin, Ecommerce,…

  • CVE-2026-3453HigMar 11, 2026
    risk 0.46cvss 8.1epss 0.00

    The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the change_plan_sub_id parameter in the process_checkout() function. The ppress_process_checkout…

  • CVE-2022-45083MedJan 19, 2024
    risk 0.43cvss 6.6epss 0.01

    Deserialization of Untrusted Data vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress.This issue affects Paid Membership Plugin, Ecommerce, User Registration Form,…

  • CVE-2026-3309MedApr 4, 2026
    risk 0.42cvss 6.5epss 0.00

    The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.11. This is due to the plugin allowing…

  • CVE-2024-2867MedMay 2, 2024
    risk 0.42cvss 6.4epss 0.00

    The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 4.15.4 due to…

  • CVE-2024-1806MedMar 13, 2024
    risk 0.42cvss 6.4epss 0.01

    The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.15.1 due to…

  • CVE-2024-1409MedMar 13, 2024
    risk 0.42cvss 6.4epss 0.00

    The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [reg-select-role] shortcode in all versions up to, and including, 4.15.0…

  • CVE-2024-1570MedFeb 29, 2024
    risk 0.42cvss 6.4epss 0.00

    The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's login-password shortcode in all versions up to, and including, 4.14.4…

  • CVE-2024-1519MedFeb 29, 2024
    risk 0.42cvss 6.5epss 0.01

    The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 4.14.4 due to insufficient…

  • CVE-2024-1408MedFeb 29, 2024
    risk 0.42cvss 6.4epss 0.01

    The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edit-profile-text-box shortcode in all versions up to, and including,…

  • CVE-2022-4698MedDec 23, 2022
    risk 0.36cvss 5.5epss 0.01

    The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several form fields in versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…

  • CVE-2022-4697MedDec 23, 2022
    risk 0.36cvss 5.5epss 0.01

    The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wp_user_cover_default_image_url’ parameter in versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…

  • CVE-2025-8878MedAug 16, 2025
    risk 0.35cvss 6.5epss 0.00

    The The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.4. This is due to the software allowing…

  • CVE-2024-2861MedMay 23, 2024
    risk 0.35cvss 6.4epss 0.00

    The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ProfilePress User Panel widget in all versions up to, and including, 4.15.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible…

  • CVE-2024-3210MedApr 10, 2024
    risk 0.35cvss 6.4epss 0.00

    The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'reg-single-checkbox' shortcode in all versions up to, and including,…

  • CVE-2024-1535MedMar 13, 2024
    risk 0.35cvss 6.4epss 0.01

    The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.15.2 due to…

  • CVE-2024-1046MedFeb 5, 2024
    risk 0.35cvss 6.4epss 0.00

    The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin 'reg-number-field' shortcode in all versions up to, and including, 4.14.3…

  • CVE-2023-50882MedDec 9, 2024
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in properfraction ProfilePress wp-user-avatar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ProfilePress: from n/a through <= 4.13.2.

  • CVE-2026-4949MedApr 15, 2026
    risk 0.21cvss 4.3epss 0.00

    The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.16.12. This is due to the 'process_checkout' function…

  • CVE-2023-41954May 17, 2024
    risk 0.01cvss epss 0.01

    Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation.This issue affects ProfilePress: from n/a through 4.13.1.

Page 1 of 2