Known Vulnerabilities for products from Properfraction
Listed below are 15 of the newest known vulnerabilities associated with the vendor "Properfraction".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-58596 | Not Provided | 2025-09-03 | 2026-04-01 | |
| CVE-2023-47184 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Proper Fraction LLC. Admin Bar & Dashboard Access Control p... | 4.8 - MEDIUM | 2023-11-06 | 2023-11-14 |
| CVE-2023-44150 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2023-11-30 | 2023-12-06 |
| CVE-2023-23996 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin <= 4.5.3 v... | 4.8 - MEDIUM | 2023-04-06 | 2023-11-07 |
| CVE-2023-23830 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin <= 4.5.4 vers... | 6.1 - MEDIUM | 2023-05-03 | 2023-05-27 |
| CVE-2023-23820 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin <= ... | 5.4 - MEDIUM | 2023-05-03 | 2023-05-06 |
| CVE-2022-47444 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce,... | 6.1 - MEDIUM | 2023-03-29 | 2023-11-07 |
| CVE-2022-45083 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.2 - HIGH | 2024-01-19 | 2024-01-25 |
| CVE-2022-4698 | The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several form fields in versions up to,... | 4.8 - MEDIUM | 2022-12-23 | 2023-11-07 |
| CVE-2022-4697 | The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wp_user_cover_default_image_url... | 4.8 - MEDIUM | 2022-12-23 | 2023-11-07 |
| CVE-2021-34624 | A vulnerability in the file uploader component found in the ~/src/Classes/FileUploader.php file of the ProfilePress WordPress... | 9.8 - CRITICAL | 2021-07-07 | 2023-05-26 |
| CVE-2021-34623 | A vulnerability in the image uploader component found in the ~/src/Classes/ImageUploader.php file of the ProfilePress WordPre... | 9.8 - CRITICAL | 2021-07-07 | 2023-05-26 |
| CVE-2021-34622 | A vulnerability in the user profile update component found in the ~/src/Classes/EditUserProfile.php file of the ProfilePress ... | 8.8 - HIGH | 2021-07-07 | 2023-05-26 |
| CVE-2021-34621 | A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress W... | 9.8 - CRITICAL | 2021-07-07 | 2023-05-26 |
| CVE-2021-24522 | The User Registration, User Profile, Login & Membership – ProfilePress (Formerly WP User Avatar) WordPress plugin before 3.... | 6.1 - MEDIUM | 2021-08-09 | 2023-05-26 |
| CVE-2021-24450 | The User Registration, User Profiles, Login & Membership – ProfilePress (Formerly WP User Avatar) WordPress plugin before 3... | 4.8 - MEDIUM | 2021-08-02 | 2023-11-07 |