Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress 4.5.0

  • Severity: medium-risk
  • Status: Fixed
  • Publication: December 23, 2022

The ProfilePress plugin for WordPress is not secure for versions up to 4.5.0. This means that someone with administrator privileges who has access to the plugin could inject malicious code into the website. This code would then be executed whenever someone visits the website. This would only be a problem if the website is a multi-site installation or if the security feature called “”unfiltered_html”” has been turned off.

Detected in:

Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress fixed vulnerable versions: >= * <= 4.5.0
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.