VYPR

Profilepress

by WordPress

Source repositories

CVEs (30)

  • CVE-2025-8878 | Med | Aug 16, 2025
    risk 0.35 | cvss 6.5 | epss 0.00

    The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.4. This is due to the software allowing…

  • CVE-2024-6668 | Med | May 15, 2025
    risk 0.35 | cvss 5.4 | epss 0.00

    The ProfilePro WordPress plugin through 1.3 does not sanitise and escape some parameters and lacks proper access controls, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks.

  • CVE-2024-2861 | Med | May 23, 2024
    risk 0.35 | cvss 6.4 | epss 0.00

    The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ProfilePress User Panel widget in all versions up to, and including, 4.15.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible…

  • CVE-2024-3210 | Med | Apr 10, 2024
    risk 0.35 | cvss 6.4 | epss 0.00

    The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'reg-single-checkbox' shortcode in all versions up to, and including,…

  • CVE-2024-1535 | Med | Mar 13, 2024
    risk 0.35 | cvss 6.4 | epss 0.01

    The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.15.2 due to…

  • CVE-2024-1046 | Med | Feb 5, 2024
    risk 0.35 | cvss 6.4 | epss 0.00

    The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin 'reg-number-field' shortcode in all versions up to, and including, 4.14.3…

  • CVE-2023-41953 | Med | Dec 9, 2024
    risk 0.34 | cvss 5.3 | epss 0.00

    Missing Authorization vulnerability in ProfilePress Membership Team ProfilePress. This issue affects ProfilePress: from n/a through 4.13.1.

  • CVE-2021-24450 | Med | Aug 2, 2021
    risk 0.31 | cvss 4.8 | epss 0.01

    The User Registration, User Profiles, Login & Membership – ProfilePress (Formerly WP User Avatar) WordPress plugin before 3.1.8 did not sanitise or escape some of its settings before saving them and outputting them back in the page, allowing high privilege users such as admin…

  • CVE-2025-13642 | Med | Dec 9, 2025
    risk 0.28 | cvss 5.4 | epss 0.00

    The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.7 due to insufficient input sanitization on…

  • CVE-2024-11083 | Med | Nov 27, 2024
    risk 0.27 | cvss 5.3 | epss 0.00

    The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been…
