| CVE-2025-4187 | UserPro - Community and User Profile WordPress Plugin <= 5.1.10 - Unauthenticated Arbitrary File Read | - | UserPro - Community and User Profile WordPress Plugin | Medium | 5.9 | 2025-06-14 08:23:23 | Deep Dive |
| CVE-2025-4671 | Profile Builder <= 3.13.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via user_meta and compare Shortcodes | cozmoslabs | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | Medium | 6.4 | 2025-06-03 11:22:26 | Deep Dive |
| CVE-2025-48340 | WordPress User Profile Meta Manager plugin <= 1.02 - CSRF to Privilege Escalation vulnerability | Danny Vink | User Profile Meta Manager | Critical | 9.8 | 2025-05-19 20:33:07 | Deep Dive |
| CVE-2024-6708 | Profile Builder <= 3.12.0 - Admin+ Stored Cross Site Scripting | Unknown | User Profile Builder | - | - | 2025-05-15 20:07:09 | Deep Dive |
| CVE-2025-3281 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.2.1 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 5.3 | 2025-05-06 07:24:22 | Deep Dive |
| CVE-2025-3284 | User Registration & Membership PRO – Custom Registration Form, Login Form, and User Profile <= 5.1.3 - Cross-Site Request Forgery to User Deletion | WPEverest | User Registration PRO – Custom Registration Form, Login Form, and User Profile WordPress Plugin | Medium | 4.3 | 2025-04-19 02:22:33 | Deep Dive |
| CVE-2025-2314 | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | cozmoslabs | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | Medium | 6.4 | 2025-04-16 01:45:02 | Deep Dive |
| CVE-2025-3282 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Unauthenticated Membership Modification | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 5.3 | 2025-04-12 06:37:18 | Deep Dive |
| CVE-2025-3292 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Password Update | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 4.3 | 2025-04-12 06:37:17 | Deep Dive |
| CVE-2025-1702 | Ultimate Member <= 2.10.0 - Unauthenticated SQL Injection via search Parameter | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | High | 7.5 | 2025-03-05 11:22:09 | Deep Dive |
| CVE-2025-1511 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.0.4 - Reflected Cross-Site Scripting | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 6.1 | 2025-02-28 05:23:14 | Deep Dive |
| CVE-2024-12038 | Frontend Content Forms for User Submissions (UGC) <= 2.8.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'buddyforms_nav' Shortcode | themekraft | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | Medium | 6.4 | 2025-02-22 04:21:17 | Deep Dive |
| CVE-2024-12276 | Ultimate Member <= 2.9.2 - Authenticated SQL Injection | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 5.3 | 2025-02-21 09:21:06 | Deep Dive |
| CVE-2024-13818 | Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction <= 3.8.4 - Sensitive Information Exposure via Log Files | genetechproducts | Pie Register – User Registration, Profiles & Content Restriction | Medium | 5.3 | 2025-02-21 03:21:21 | Deep Dive |
| CVE-2024-13121 | Paid Membership Plugin < 4.15.20 - Admin+ Stored XSS | Unknown | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content | 中危 | - | 2025-02-13 06:00:12 | Deep Dive |
| CVE-2024-13120 | ProfilePress < 4.15.20 - Admin+ Stored XSS | Unknown | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content | 中危 | - | 2025-02-13 06:00:12 | Deep Dive |
| CVE-2024-13119 | ProfilePress < 4.15.20 - Admin+ Stored XSS | Unknown | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content | 中危 | - | 2025-02-13 06:00:06 | Deep Dive |
| CVE-2025-25140 | WordPress Simple User Profile plugin <= 1.9 - CSRF to Stored XSS vulnerability | Scriptonite | Simple User Profile | High | 7.1 | 2025-02-07 10:11:50 | Deep Dive |
| CVE-2024-12037 | Frontend Content Forms for User Submissions (UGC) <= 2.8.13 - Authenticated (Contributor+) Stored Cross-Site Scripting | themekraft | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | Medium | 6.4 | 2025-01-31 11:11:11 | Deep Dive |
| CVE-2024-13370 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update (save_addon_key_license) | youzify | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | Medium | 6.5 | 2025-01-25 07:24:20 | Deep Dive |