📦 Profilepress
by Properfraction
🔍 What is Profilepress?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
This critical vulnerability in the ProfilePress WordPress plugin allows unauthenticated attackers to register new user accounts with administrator privileges. It affects WordPress sites running Profil...
This critical vulnerability in the ProfilePress WordPress plugin allows unauthenticated attackers to upload arbitrary files during user registration or profile updates. This can lead to remote code ex...
The ProfilePress Pro WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to log in as any existing user, including administrators, if they know the user's...
This vulnerability in the ProfilePress WordPress plugin exposes sensitive information via debug logs to unauthorized actors. It affects all WordPress sites using ProfilePress versions up to 4.13.2, po...
This vulnerability allows unauthenticated attackers to inject malicious scripts into WordPress sites using ProfilePress plugin versions 4.5.4 and earlier. When exploited, it enables cross-site scripti...
This vulnerability allows unauthenticated attackers to inject malicious scripts into WordPress sites using the ProfilePress plugin. When victims view pages containing the injected scripts, attackers c...
This vulnerability allows high-privilege WordPress users (like administrators) to inject malicious scripts into plugin settings, which then execute when other users view those settings. It affects Wor...
This vulnerability allows high-privilege WordPress users (like administrators) to inject malicious scripts into Drag & Drop Builder fields, which then execute when other users view those pages. It aff...
This CVE describes a missing authorization vulnerability in the ProfilePress WordPress plugin that allows unauthorized users to access restricted functionality. It affects all ProfilePress installatio...
The ProfilePress WordPress plugin exposes sensitive information through WordPress core search functionality. Unauthenticated attackers can access restricted content intended for administrators and oth...
This vulnerability allows authenticated WordPress users with contributor-level access or higher to inject malicious scripts via the 'title' parameter in the ProfilePress plugin. The scripts are stored...