ProfilePress Vulnerability- Authenticated Stored Cross-Site Scripting via Shortcode – CVE-2024-1535 | WordPress Plugin Vulnerability Report

Plugin Name: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress Key Information: Software Type: Plugin Software Slug: wp-user-avatar Software Status: Active Software Author: collizo4sky Software Downloads: 12,610,237 Active Installs: 200,000 Last Updated: March 14, 2024 Patched Versions: 4.15.3 Affected Versions: <= 4.15.2 Vulnerability Details: Name: ProfilePress <=…

Read More

ProfilePress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via profilepress-edit-profile Shortcode – CVE-2024-1806 | WordPress Plugin Vulnerability Report

Plugin Name: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress Key Information: Software Type: Plugin Software Slug: wp-user-avatar Software Status: Active Software Author: collizo4sky Software Downloads: 12,533,974 Active Installs: 200,000 Last Updated: February 27, 2024 Patched Versions: 4.15.1 Affected Versions: <= 4.15.1 Vulnerability Details: Name: ProfilePress <=…

Read More

ProfilePress Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode – CVE-2024-1409 | WordPress Plugin Vulnerability Report

Plugin Name: ProfilePress Key Information: Software Type: Plugin Software Slug: wp-user-avatar Software Status: Active Software Author: collizo4sky Software Downloads: 12,483,598 Active Installs: 200,000 Last Updated: February 22, 2024 Patched Versions: 4.15.1 Affected Versions: <= 4.15.0 Vulnerability Details: Name: ProfilePress <= 4.15.0 – Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode Type: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE: CVE-2024-1409 CVSS Score: 6.4 (Medium) Publicly…

Read More