The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Metrics
Affected Vendors & Products
References
History
Wed, 21 May 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Properfraction
Properfraction profilepress |
|
CPEs | cpe:2.3:a:properfraction:profilepress:*:*:*:*:free:wordpress:*:* | |
Vendors & Products |
Properfraction
Properfraction profilepress |
Thu, 13 Feb 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-79 | |
Metrics |
cvssV3_1
|
Thu, 13 Feb 2025 06:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |
Title | ProfilePress < 4.15.20 - Admin+ Stored XSS | |
References |
|

Status: PUBLISHED
Assigner: WPScan
Published: 2025-02-13T06:00:05.649Z
Updated: 2025-02-13T14:49:34.879Z
Reserved: 2025-01-01T15:27:52.715Z
Link: CVE-2024-13119

Updated: 2025-02-13T14:49:13.316Z

Status : Analyzed
Published: 2025-02-13T06:15:20.763
Modified: 2025-05-21T19:00:15.577
Link: CVE-2024-13119

No data.