Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Vulnerability List
Clear Filters
Found 189 results
CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2024-4133 ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.30 - Open Redirect reputeinfosystemsARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup Medium 6.1 2024-05-02 16:52:18 Deep Dive
CVE-2024-2867 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.4 - Authenticated (Contributor+) Stored Cross-Site Scripting properfractionPaid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress Medium 6.4 2024-05-02 16:52:05 Deep Dive
CVE-2023-6067 WP User Profile Avatar <= 1.0.1 - Contributor+ Stored XSS UnknownWP User Profile Avatar--2024-04-15 05:00:01 Deep Dive
CVE-2024-3210 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'reg-single-checkbox' properfractionPaid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress Medium 6.4 2024-04-10 05:32:23 Deep Dive
CVE-2024-2423 UsersWP <= 1.2.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode stiofansislandUsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP Medium 6.4 2024-04-09 18:58:42 Deep Dive
CVE-2024-27995 WordPress ARMember plugin <= 4.0.23 - Cross Site Scripting (XSS) vulnerability Repute InfosystemsARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup Medium 5.9 2024-03-21 15:00:59 Deep Dive
CVE-2024-29097 WordPress User profile plugin <= 2.0.20 - Subscriber+ Stored Cross Site Scripting (XSS) vulnerability PickPluginsUser profile Medium 6.3 2024-03-19 16:00:05 Deep Dive
CVE-2024-1806 ProfilePress <= 4.15.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via profilepress-edit-profile Shortcode properfractionPaid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress Medium 6.4 2024-03-13 15:27:17 Deep Dive
CVE-2024-1409 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode properfractionPaid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress Medium 6.4 2024-03-13 15:26:49 Deep Dive
CVE-2024-1535 ProfilePress <= 4.15.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode properfractionPaid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress Medium 6.4 2024-03-13 15:26:44 Deep Dive
CVE-2024-1158 Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization themekraftPost Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) Medium 4.3 2024-03-13 15:26:35 Deep Dive
CVE-2024-1071 WordPress Plugin Ultimate Member 安全漏洞 ultimatememberUltimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin Critical 9.8 2024-03-13 15:26:32 Deep Dive
CVE-2024-2123 Ultimate Member <= 2.8.3 - Unauthenticated Stored Cross-Site Scripting ultimatememberUltimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin High 7.2 2024-03-13 09:35:15 Deep Dive
CVE-2024-1169 Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization to Unauthenticated Media Upload themekraftPost Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) High 7.5 2024-03-07 11:01:58 Deep Dive
CVE-2024-1170 Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization to Unauthenticated Media Deletion themekraftPost Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) High 8.2 2024-03-07 11:01:58 Deep Dive
CVE-2024-1720 User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.4 - Unauthenticated Stored Self-Based Cross-Site Scripting wpeverestUser Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder Medium 4.7 2024-03-07 05:32:39 Deep Dive
CVE-2024-1408 ProfilePress <= 4.14.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via [edit-profile-text-box] shortcode properfractionPaid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress Medium 6.4 2024-02-20 18:56:34 Deep Dive
CVE-2024-1519 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.14.4 - Unauthenticated Stored Cross-Site Scripting properfractionPaid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress Medium 6.5 2024-02-20 18:56:31 Deep Dive
CVE-2024-1570 ProfilePress <= 4.14.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode properfractionPaid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress Medium 6.4 2024-02-20 18:56:30 Deep Dive
CVE-2024-0701 UserPro <= 5.1.6 - Disabled Membership Registration Bypass -UserPro - Community and User Profile WordPress Plugin Medium 5.3 2024-02-05 21:22:05 Deep Dive