VYPR

Bp Profile Shortcodes Extra

by WordPress

Source repositories

CVEs (3)

  • CVE-2025-22817MedJan 9, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Venutius BP Profile Shortcodes Extra bp-profile-shortcodes-extra allows Stored XSS.This issue affects BP Profile Shortcodes Extra: from n/a through <= 2.6.0.

  • CVE-2024-11732MedDec 3, 2024
    risk 0.42cvss 6.5epss 0.00

    The BP Profile Shortcodes Extra plugin for WordPress is vulnerable to time-based SQL Injection via the ‘tab’ parameter in all versions up to, and including, 2.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing…

  • CVE-2023-47815MedNov 22, 2023
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Venutius BP Profile Shortcodes Extra plugin <= 2.5.2 versions.