Known Vulnerabilities for products from Profilepress
Listed below are 12 of the newest known vulnerabilities associated with the vendor "Profilepress".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-3445 | Not Provided | 2026-04-04 | 2026-04-04 | |
| CVE-2026-3309 | Not Provided | 2026-04-04 | 2026-04-04 | |
| CVE-2023-23830 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin <= 4.5.4 vers... | 6.1 - MEDIUM | 2023-05-03 | 2023-05-27 |
| CVE-2021-34624 | A vulnerability in the file uploader component found in the ~/src/Classes/FileUploader.php file of the ProfilePress WordPress... | 9.8 - CRITICAL | 2021-07-07 | 2023-05-26 |
| CVE-2021-34623 | A vulnerability in the image uploader component found in the ~/src/Classes/ImageUploader.php file of the ProfilePress WordPre... | 9.8 - CRITICAL | 2021-07-07 | 2023-05-26 |
| CVE-2021-34622 | A vulnerability in the user profile update component found in the ~/src/Classes/EditUserProfile.php file of the ProfilePress ... | 8.8 - HIGH | 2021-07-07 | 2023-05-26 |
| CVE-2021-34621 | A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress W... | 9.8 - CRITICAL | 2021-07-07 | 2023-05-26 |
| CVE-2021-24955 | The User Registration, Login Form, User Profile & Membership WordPress plugin before 3.2.3 does not escape the data parameter... | 6.1 - MEDIUM | 2021-12-13 | 2021-12-17 |
| CVE-2021-24954 | The User Registration, Login Form, User Profile & Membership WordPress plugin before 3.2.3 does not sanitise and escape the p... | 6.1 - MEDIUM | 2021-12-13 | 2021-12-16 |
| CVE-2021-24939 | The LoginWP (Formerly Peter's Login Redirect) WordPress plugin before 3.0.0.5 does not sanitise and escape the rul_login_url ... | 6.1 - MEDIUM | 2021-12-06 | 2021-12-06 |
| CVE-2021-24522 | The User Registration, User Profile, Login & Membership – ProfilePress (Formerly WP User Avatar) WordPress plugin before 3.... | 6.1 - MEDIUM | 2021-08-09 | 2023-05-26 |
| CVE-2021-24450 | The User Registration, User Profiles, Login & Membership – ProfilePress (Formerly WP User Avatar) WordPress plugin before 3... | 4.8 - MEDIUM | 2021-08-02 | 2023-11-07 |
| CVE-2019-15115 | The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF. | 8.8 - HIGH | 2019-08-16 | 2021-12-06 |
| CVE-2016-10925 | The peters-login-redirect plugin before 2.9.1 for WordPress has XSS during the editing of redirect URLs. | 6.1 - MEDIUM | 2019-08-22 | 2021-12-06 |