ProfilePress
properfraction
Developer
4.16.14
Latest version
100,000
Installations
No date
Last updated
Vulnerability history
0 present
37 patched
15 Mitigation rules
- WordPress Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content - ProfilePress plugin <= 4.16.11 - Unauthenticated Arbitrary Shortcode Execution via Checkout Billing Fields vulnerability<= 4.16.117 days ago
- Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Subscription Cancellation/Expiration vulnerability<= 4.16.1111/03/2026
- Admin+ Stored XSS vulnerability< 4.15.1530/01/2026
- Admin+ Stored XSS vulnerability< 4.15.2031/12/2025
- Admin+ Stored XSS vulnerability< 4.15.2031/12/2025
- Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability<= 4.16.709/12/2025
- Unauthenticated Arbitrary Shortcode Execution vulnerability<= 4.16.416/08/2025
- Admin+ Stored XSS vulnerability< 4.15.2013/02/2025
- Admin+ Stored XSS vulnerability< 4.15.1512/12/2024
- Unauthenticated Content Restriction Bypass to Sensitive Information Exposure vulnerability<= 4.15.1826/11/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via ProfilePress User Panel Widget vulnerability<= 4.15.823/05/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 4.15.415/04/2024
- Authenticated Stored Cross-Site Scripting vulnerability<= 4.15.511/04/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability<= 4.15.212/03/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via profilepress-edit-profile Shortcode vulnerability< 4.15.126/02/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode vulnerability<= 4.15.026/02/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability<= 4.14.420/02/2024
- Unauthenticated Stored Cross-Site Scripting vulnerability<= 4.14.420/02/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via [edit-profile-text-box] shortcode vulnerability<= 4.14.420/02/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 4.14.302/02/2024
- Broken Access Control vulnerability<= 4.13.226/12/2023
- Sensitive Data Exposure via Debug Log vulnerability<= 4.13.202/10/2023
- Unauthenticated Limited Privilege Escalation vulnerability<= 4.13.112/09/2023
- Broken Access Control vulnerability<= 4.13.112/09/2023
- Reflected Cross-Site Scripting via error message vulnerability< 4.11.026/06/2023
- Cross Site Scripting (XSS) vulnerability<= 4.5.421/02/2023
- Cross Site Scripting (XSS) vulnerability<= 4.5.420/02/2023
- Cross Site Scripting (XSS)<= 4.5.327/01/2023
- Cross Site Scripting (XSS)<= 4.5.320/01/2023
- Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability<= 4.5.026/12/2022
- Authenticated (Administrator+) Stored Cross-Site Scripting via Form Settings vulnerability<= 4.5.026/12/2022
- Auth. PHP Object Injection vulnerability<= 4.3.214/12/2022
- Unauthenticated Privilege Escalation vulnerability3.0-3.1.328/06/2021
- Authenticated Privilege Escalation vulnerability3.0-3.1.328/06/2021
- Arbitrary File Upload in Image Uploader Component vulnerability3.0-3.1.328/06/2021
- Arbitrary File Upload in File Uploader Component vulnerability3.0-3.1.328/06/2021
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability<= 3.1.728/06/2021