Home/Product/properfraction profilepress
Product

properfraction profilepress

39 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-13121
< 4.15.20
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin befor
3.5LOW
 CVE-2024-13120
< 4.15.20
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin befor
4.8MEDIUM
 CVE-2024-13119
< 4.15.20
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin befor
4.8MEDIUM
 CVE-2024-10518
< 4.15.15
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin befor
4.8MEDIUM
 CVE-2024-10517
< 4.15.5
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin befor
4.8MEDIUM
 CVE-2023-41953
< 4.13.2
Missing Authorization vulnerability in ProfilePress Membership Team ProfilePress.This issue affects ProfilePress: from n/a through
5.3MEDIUM
 CVE-2023-50882
< 4.13.3
Missing Authorization vulnerability in properfraction ProfilePress wp-user-avatar allows Exploiting Incorrectly Configured Access
5.3MEDIUM
 CVE-2024-11083
< 4.15.19
The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.1
5.3MEDIUM
 CVE-2024-9947
< 4.11.2
The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.11.1. Thi
8.1HIGH
 CVE-2024-2861
< 4.15.9
The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ProfilePress User Panel widget in all v
6.4MEDIUM
 CVE-2023-41954
< 4.13.2
Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation.This issue af
8.6HIGH
 CVE-2024-2867
< 4.15.5
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content - ProfilePress plugin f
6.4MEDIUM
 CVE-2024-3210
< 4.15.6
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content - ProfilePress plugin f
6.4MEDIUM
 CVE-2024-1806
< 4.15.2
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content - ProfilePress plugin f
6.4MEDIUM
 CVE-2024-1535
< 4.15.3
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content - ProfilePress plugin f
6.4MEDIUM
 CVE-2024-1409
< 4.15.1
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content - ProfilePress plugin f
6.4MEDIUM
 CVE-2024-1570
< 4.15.0
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content - ProfilePress plugin f
6.4MEDIUM
 CVE-2024-1519
< 4.15.0
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content - ProfilePress plugin f
6.5MEDIUM
 CVE-2024-1408
< 4.15.0
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content - ProfilePress plugin f
6.4MEDIUM
 CVE-2024-1046
<= 4.14.3
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content - ProfilePress plugin f
6.4MEDIUM
 CVE-2022-45083
< 4.4.0
Deserialization of Untrusted Data vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registrati
6.6MEDIUM
 CVE-2023-44150
< 4.13.3
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ProfilePress Membership Team Paid Membership Plugin, E
7.5HIGH
 CVE-2023-23830
< 4.5.5
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin <= 4.5.4 versions.
7.1HIGH
 CVE-2023-23820
< 4.5.5
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin <= 4.5.4
6.5MEDIUM
 CVE-2023-23996
< 4.5.4
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin <= 4.5.3 versi
5.9MEDIUM
 CVE-2022-47444
<= 4.5.3
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Regi
7.1HIGH
 CVE-2022-4698
< 4.5.1
The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several form fields in versions up to, and
5.5MEDIUM
 CVE-2022-4697
< 4.5.1
The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wp_user_cover_default_image_url’ p
5.5MEDIUM
 CVE-2021-24955
< 3.2.3
The User Registration, Login Form, User Profile & Membership WordPress plugin before 3.2.3 does not escape the data parameter of t
6.1MEDIUM
 CVE-2021-24954
< 3.2.3
The User Registration, Login Form, User Profile & Membership WordPress plugin before 3.2.3 does not sanitise and escape the ppress
6.1MEDIUM
 CVE-2021-24939
< 3.0.0.5
The LoginWP (Formerly Peter's Login Redirect) WordPress plugin before 3.0.0.5 does not sanitise and escape the rul_login_url and r
6.1MEDIUM
 CVE-2021-24522
< 3.1.11
The User Registration, User Profile, Login & Membership - ProfilePress (Formerly WP User Avatar) WordPress plugin before 3.1.11's
6.1MEDIUM
 CVE-2021-24450
< 3.1.8
The User Registration, User Profiles, Login & Membership - ProfilePress (Formerly WP User Avatar) WordPress plugin before 3.1.8 di
4.8MEDIUM
 CVE-2021-34624
>= 3.0.0 and <= 3.1.3
A vulnerability in the file uploader component found in the ~/src/Classes/FileUploader.php file of the ProfilePress WordPress plug
9.8CRITICAL
 CVE-2021-34623
>= 3.0.0 and <= 3.1.3
A vulnerability in the image uploader component found in the ~/src/Classes/ImageUploader.php file of the ProfilePress WordPress pl
9.8CRITICAL
 CVE-2021-34622
>= 3.0.0 and <= 3.1.3
A vulnerability in the user profile update component found in the ~/src/Classes/EditUserProfile.php file of the ProfilePress WordP
9.8CRITICAL
 CVE-2021-34621
>= 3.0.0 and <= 3.1.3
A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress WordPr
9.8CRITICAL
 CVE-2016-10925
< 2.9.1
The peters-login-redirect plugin before 2.9.1 for WordPress has XSS during the editing of redirect URLs.
6.1MEDIUM
 CVE-2019-15115
< 2.9.2
The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF.
8.8HIGH
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Recently exploited
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns
About All capabilities Pricing API docs Live status Privacy policy Terms of service
threatengine.sh