ProfilePress
properfraction
Developer
4.16.12
Latest version
100,000
Installations
No date
Last updated
Vulnerability history
0 present
36 patched
14 Mitigation rules
- Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Subscription Cancellation/Expiration vulnerability<= 4.16.11Mar 11, 2026
- Admin+ Stored XSS vulnerability< 4.15.15Jan 30, 2026
- Admin+ Stored XSS vulnerability< 4.15.20Dec 31, 2025
- Admin+ Stored XSS vulnerability< 4.15.20Dec 31, 2025
- Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability<= 4.16.7Dec 9, 2025
- Unauthenticated Arbitrary Shortcode Execution vulnerability<= 4.16.4Aug 16, 2025
- Admin+ Stored XSS vulnerability< 4.15.20Feb 13, 2025
- Admin+ Stored XSS vulnerability< 4.15.15Dec 12, 2024
- Unauthenticated Content Restriction Bypass to Sensitive Information Exposure vulnerability<= 4.15.18Nov 26, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via ProfilePress User Panel Widget vulnerability<= 4.15.8May 23, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 4.15.4Apr 15, 2024
- Authenticated Stored Cross-Site Scripting vulnerability<= 4.15.5Apr 11, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability<= 4.15.2Mar 12, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via profilepress-edit-profile Shortcode vulnerability< 4.15.1Feb 26, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode vulnerability<= 4.15.0Feb 26, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability<= 4.14.4Feb 20, 2024
- Unauthenticated Stored Cross-Site Scripting vulnerability<= 4.14.4Feb 20, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via [edit-profile-text-box] shortcode vulnerability<= 4.14.4Feb 20, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 4.14.3Feb 2, 2024
- Broken Access Control vulnerability<= 4.13.2Dec 26, 2023
- Sensitive Data Exposure via Debug Log vulnerability<= 4.13.2Oct 2, 2023
- Unauthenticated Limited Privilege Escalation vulnerability<= 4.13.1Sep 12, 2023
- Broken Access Control vulnerability<= 4.13.1Sep 12, 2023
- Reflected Cross-Site Scripting via error message vulnerability< 4.11.0Jun 26, 2023
- Cross Site Scripting (XSS) vulnerability<= 4.5.4Feb 21, 2023
- Cross Site Scripting (XSS) vulnerability<= 4.5.4Feb 20, 2023
- Cross Site Scripting (XSS)<= 4.5.3Jan 27, 2023
- Cross Site Scripting (XSS)<= 4.5.3Jan 20, 2023
- Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability<= 4.5.0Dec 26, 2022
- Authenticated (Administrator+) Stored Cross-Site Scripting via Form Settings vulnerability<= 4.5.0Dec 26, 2022
- Auth. PHP Object Injection vulnerability<= 4.3.2Dec 14, 2022
- Unauthenticated Privilege Escalation vulnerability3.0-3.1.3Jun 28, 2021
- Authenticated Privilege Escalation vulnerability3.0-3.1.3Jun 28, 2021
- Arbitrary File Upload in Image Uploader Component vulnerability3.0-3.1.3Jun 28, 2021
- Arbitrary File Upload in File Uploader Component vulnerability3.0-3.1.3Jun 28, 2021
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability<= 3.1.7Jun 28, 2021