ProfilePress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode – CVE-2024-1409 | WordPress Plugin Vulnerability Report

Plugin Name: ProfilePress Key Information: Software Type: Plugin Software Slug: wp-user-avatar Software Status: Active Software Author: collizo4sky Software Downloads: 12,483,598 Active Installs: 200,000 Last Updated: February 22, 2024 Patched Versions: 4.15.1 Affected Versions: <= 4.15.0 Vulnerability Details: Name: ProfilePress <= 4.15.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE: CVE-2024-1409 CVSS Score: 6.4 (Medium) Publicly…

Read More