Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress 4.5.3

  • Severity: high-risk
  • Status: Fixed
  • Publication: March 27, 2023

The ProfilePress plugin for WordPress has a security vulnerability that allows unauthenticated attackers to inject malicious web scripts on pages. This vulnerability affects versions up to 4.5.3 and is caused by inadequate checks and safeguards which prevent the scripts from being executed when a user visits the page.

Detected in:

Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress fixed vulnerable versions: >= * <= 4.5.3
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.