Properfraction Profilepress — known CVE vulnerabilities
Every CVE whose affected-product data names Properfraction Profilepress, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (34)
CVE-2021-34622 — CVSS 9.8 (critical): A vulnerability in the user profile update component found in the ~/src/Classes/EditUserProfile.php file of the ProfilePress WordPress…
CVE-2021-34621 — CVSS 9.8 (critical): A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress WordPress…
CVE-2021-34623 — CVSS 9.8 (critical): A vulnerability in the image uploader component found in the ~/src/Classes/ImageUploader.php file of the ProfilePress WordPress plugin made…
CVE-2021-34624 — CVSS 9.8 (critical): A vulnerability in the file uploader component found in the ~/src/Classes/FileUploader.php file of the ProfilePress WordPress plugin made…
CVE-2023-41954 — CVSS 8.6 (high): Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation.This issue affects…
CVE-2024-9947 — CVSS 8.1 (high): The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.11.1. This is due…
CVE-2023-44150 — CVSS 7.5 (high): Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce…
CVE-2023-23830 — CVSS 7.1 (high): Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin <= 4.5.4 versions.
CVE-2022-47444 — CVSS 7.1 (high): Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration…
CVE-2022-45083 — CVSS 6.6 (medium): Deserialization of Untrusted Data vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registration Form…
CVE-2024-1519 — CVSS 6.5 (medium): The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for…
CVE-2024-1046 — CVSS 6.4 (medium): The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for…
CVE-2024-1408 — CVSS 6.4 (medium): The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for…
CVE-2024-1409 — CVSS 6.4 (medium): The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for…
CVE-2024-1535 — CVSS 6.4 (medium): The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for…
CVE-2024-1570 — CVSS 6.4 (medium): The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for…
CVE-2024-1806 — CVSS 6.4 (medium): The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for…
CVE-2024-2861 — CVSS 6.4 (medium): The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ProfilePress User Panel widget in all versions…
CVE-2024-2867 — CVSS 6.4 (medium): The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for…
CVE-2024-3210 — CVSS 6.4 (medium): The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for…
CVE-2021-24522 — CVSS 6.1 (medium): The User Registration, User Profile, Login & Membership – ProfilePress (Formerly WP User Avatar) WordPress plugin before 3.1.11's widget…
CVE-2022-4698 — CVSS 5.5 (medium): The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several form fields in versions up to, and…
CVE-2022-4697 — CVSS 5.5 (medium): The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wp_user_cover_default_image_url’ parameter…
CVE-2024-11083 — CVSS 5.3 (medium): The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the…
CVE-2023-41953 — CVSS 5.3 (medium): Missing Authorization vulnerability in ProfilePress Membership Team ProfilePress.This issue affects ProfilePress: from n/a through 4.13.1.
CVE-2024-13120 — CVSS 4.8 (medium): The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20…
CVE-2024-13119 — CVSS 4.8 (medium): The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20…
CVE-2021-24450 — CVSS 4.8 (medium): The User Registration, User Profiles, Login & Membership – ProfilePress (Formerly WP User Avatar) WordPress plugin before 3.1.8 did not…
CVE-2024-10517 — CVSS 4.8 (medium): The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15…
CVE-2024-10518 — CVSS 4.8 (medium): The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15…
CVE-2024-13121 — CVSS 3.5 (low): The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20…