| CVE-2024-1519 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.14.4 - Unauthenticated Stored Cross-Site Scripting | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.5 | 2024-02-20 18:56:31 | Deep Dive |
| CVE-2024-1570 | ProfilePress <= 4.14.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.4 | 2024-02-20 18:56:30 | Deep Dive |
| CVE-2024-22126 | Cross Site Scripting vulnerability in SAP NetWeaver AS Java (User Admin Application) | SAP_SE | SAP NetWeaver AS Java (User Admin Application) | Medium | 6.1 | 2024-02-13 01:58:28 | Deep Dive |
| CVE-2024-0701 | UserPro <= 5.1.6 - Disabled Membership Registration Bypass | - | UserPro - Community and User Profile WordPress Plugin | Medium | 5.3 | 2024-02-05 21:22:05 | Deep Dive |
| CVE-2024-0969 | ARMember <= 4.0.24 - Improper Access Control to Sensitive Information Exposure via REST API | reputeinfosystems | ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | Medium | 5.3 | 2024-02-05 21:22:05 | Deep Dive |
| CVE-2023-6996 | Display custom fields in the frontend – Post and User Profile Fields <= 1.2.1 - Authenticated (Contributor+) Code Injection | josevega | Display custom fields in the frontend – Post and User Profile Fields | High | 8.8 | 2024-02-05 21:22:03 | Deep Dive |
| CVE-2024-1046 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.4 | 2024-02-05 21:21:51 | Deep Dive |
| CVE-2023-6982 | Display custom fields in the frontend – Post and User Profile Fields <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via vg_display_data | josevega | Display custom fields in the frontend – Post and User Profile Fields | Medium | 6.4 | 2024-02-05 21:21:39 | Deep Dive |
| CVE-2024-0324 | User Profile Builder <= 3.10.8 - Missing Authorization to Plugin Settings Change via wppb_two_factor_authentication_settings_update | cozmoslabs | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | High | 8.2 | 2024-02-05 21:21:37 | Deep Dive |
| CVE-2023-6983 | Display custom fields in the frontend – Post and User Profile Fields <= 1.2.1 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Meta Disclosure | josevega | Display custom fields in the frontend – Post and User Profile Fields | Medium | 4.3 | 2024-02-05 21:21:32 | Deep Dive |
| CVE-2023-51509 | WordPress RegistrationMagic Plugin <= 5.2.4.1 is vulnerable to Cross Site Scripting (XSS) | Metagauss | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | High | 7.1 | 2024-02-01 11:24:54 | Deep Dive |
| CVE-2023-52118 | WordPress WP User Profile Avatar Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS) | WP Event Manager | WP User Profile Avatar | Medium | 6.5 | 2024-02-01 10:08:07 | Deep Dive |
| CVE-2024-22158 | WordPress PeepSo Core: Photos Plugin < 6.3.1.0 is vulnerable to Cross Site Scripting (XSS) | PeepSo | Community by PeepSo – Social Network, Membership, Registration, User Profiles | Medium | 6.5 | 2024-01-31 18:15:01 | Deep Dive |
| CVE-2023-2439 | WordPress plugin UserPro security vulnerability | - | UserPro - Community and User Profile WordPress Plugin | Medium | 6.4 | 2024-01-31 02:35:10 | Deep Dive |
| CVE-2023-6391 | Custom User CSS <= 0.2 - Settings Update via CSRF | Unknown | Custom User CSS | High | - | 2024-01-29 14:44:28 | Deep Dive |
| CVE-2024-0624 | Paid Memberships Pro <= 2.12.7 - Cross-Site Request Forgery to Level Orders Update | strangerstudios | Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions | Medium | 5.3 | 2024-01-25 01:55:03 | Deep Dive |
| CVE-2023-6384 | WP User Profile Avatar < 1.0.1 - Author+ Avatar Deletion/Update via IDOR | Unknown | WP User Profile Avatar | Medium | - | 2024-01-22 19:14:25 | Deep Dive |
| CVE-2022-45083 | WordPress ProfilePress Plugin <= 4.3.2 is vulnerable to PHP Object Injection | ProfilePress Membership Team | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.6 | 2024-01-19 14:37:19 | Deep Dive |
| CVE-2023-0824 | UserPlus <= 2.0 - Stored XSS via CSRF | Unknown | User registration & user profile | - | - | 2024-01-16 15:56:28 | Deep Dive |
| CVE-2023-6504 | Profile Builder <= 3.10.7 - Insecure Direct Object Reference to Sensitive Information Exposure via user_meta Shortcode | cozmoslabs | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | Medium | 4.3 | 2024-01-11 08:33:09 | Deep Dive |