| CVE-2024-0969 | ARMember <= 4.0.24 - Improper Access Control to Sensitive Information Exposure via REST API | reputeinfosystems | ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | Medium | 5.3 | 2024-02-05 21:22:05 | Deep Dive |
| CVE-2023-6996 | Display custom fields in the frontend – Post and User Profile Fields <= 1.2.1 - Authenticated (Contributor+) Code Injection | josevega | Display custom fields in the frontend – Post and User Profile Fields | High | 8.8 | 2024-02-05 21:22:03 | Deep Dive |
| CVE-2024-1046 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.4 | 2024-02-05 21:21:51 | Deep Dive |
| CVE-2023-6982 | Display custom fields in the frontend – Post and User Profile Fields <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via vg_display_data | josevega | Display custom fields in the frontend – Post and User Profile Fields | Medium | 6.4 | 2024-02-05 21:21:39 | Deep Dive |
| CVE-2024-0324 | User Profile Builder <= 3.10.8 - Missing Authorization to Plugin Settings Change via wppb_two_factor_authentication_settings_update | cozmoslabs | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | High | 8.2 | 2024-02-05 21:21:37 | Deep Dive |
| CVE-2023-6983 | Display custom fields in the frontend – Post and User Profile Fields <= 1.2.1 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Meta Disclosure | josevega | Display custom fields in the frontend – Post and User Profile Fields | Medium | 4.3 | 2024-02-05 21:21:32 | Deep Dive |
| CVE-2023-52118 | WordPress WP User Profile Avatar Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS) | WP Event Manager | WP User Profile Avatar | Medium | 6.5 | 2024-02-01 10:08:07 | Deep Dive |
| CVE-2023-2439 | WordPress plugin UserPro security vulnerability | - | UserPro - Community and User Profile WordPress Plugin | Medium | 6.4 | 2024-01-31 02:35:10 | Deep Dive |
| CVE-2023-6384 | WP User Profile Avatar < 1.0.1 - Author+ Avatar Deletion/Update via IDOR | Unknown | WP User Profile Avatar | Medium | - | 2024-01-22 19:14:25 | Deep Dive |
| CVE-2022-45083 | WordPress ProfilePress Plugin <= 4.3.2 is vulnerable to PHP Object Injection | ProfilePress Membership Team | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.6 | 2024-01-19 14:37:19 | Deep Dive |
| CVE-2023-0824 | UserPlus <= 2.0 - Stored XSS via CSRF | Unknown | User registration & user profile | - | - | 2024-01-16 15:56:28 | Deep Dive |
| CVE-2023-6504 | Profile Builder <= 3.10.7 - Insecure Direct Object Reference to Sensitive Information Exposure via user_meta Shortcode | cozmoslabs | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | Medium | 4.3 | 2024-01-11 08:33:09 | Deep Dive |
| CVE-2023-52200 | WordPress ARMember Plugin <= 4.0.22 is vulnerable to Cross Site Request Forgery (CSRF) leading to PHP Object Injection | Repute Infosystems | ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | Critical | 9.6 | 2024-01-08 19:18:44 | Deep Dive |
| CVE-2023-47191 | WordPress Youzify Plugin <= 1.2.2 is vulnerable to Insecure Direct Object References (IDOR) | KaineLabs | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | Medium | 6.5 | 2023-12-21 18:26:53 | Deep Dive |
| CVE-2023-44150 | WordPress ProfilePress Plugin <= 4.13.2 is vulnerable to Sensitive Data Exposure | ProfilePress Membership Team | Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | High | 7.5 | 2023-11-30 14:50:36 | Deep Dive |
| CVE-2023-2497 | UserPro <= 5.1.0 - Cross-Site Request Forgery to PHP Object Injection | - | UserPro - Community and User Profile WordPress Plugin | High | 8.8 | 2023-11-22 15:33:39 | Deep Dive |
| CVE-2023-6008 | UserPro <= 5.1.1 - Cross-Site Request Forgery via multiple functions | - | UserPro - Community and User Profile WordPress Plugin | Medium | 6.3 | 2023-11-22 15:33:38 | Deep Dive |
| CVE-2023-6009 | UserPro <= 5.1.4 - Authenticated (Subscriber+) Privilege Escalation | - | UserPro - Community and User Profile WordPress Plugin | High | 8.8 | 2023-11-22 15:33:38 | Deep Dive |
| CVE-2023-2449 | UserPro <= 5.1.1 - Insecure Password Reset Mechanism | - | UserPro - Community and User Profile WordPress Plugin | Critical | 9.8 | 2023-11-22 15:33:37 | Deep Dive |
| CVE-2023-2437 | UserPro <= 5.1.1 - Authentication Bypass to Administrator | - | UserPro - Community and User Profile WordPress Plugin | Critical | 9.8 | 2023-11-22 15:33:33 | Deep Dive |