Really Simple Security logo

Log out
Get PRO

Latest

Access violation vulnerability in Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress 4.15.18

  • Severity: medium-risk
  • Status: Fixed
  • Publication: November 26, 2024

The ProfilePress plugin on WordPress has a security issue that puts sensitive information at risk. This affects all versions, including 4.15.18, due to a vulnerability in the WordPress core search feature. This means that people who are not logged in can access private information from posts that are only supposed to be seen by higher-level users, like administrators.

Detected in:

Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.