| CVE-2023-2438 | UserPro <= 5.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via userpro_save_userdata | - | UserPro - Community and User Profile WordPress Plugin | Medium | 6.1 | 2023-11-22 15:33:30 | Deep Dive |
| CVE-2023-2448 | UserPro <= 5.1.4 - Missing Authorization to Arbitrary Shortcode Execution via userpro_shortcode_template | - | UserPro - Community and User Profile WordPress Plugin | Medium | 6.5 | 2023-11-22 15:33:29 | Deep Dive |
| CVE-2023-2440 | UserPro <= 5.1.1 - Cross-Site Request Forgery to Privilege Escalation | - | UserPro - Community and User Profile WordPress Plugin | High | 8.8 | 2023-11-22 15:33:28 | Deep Dive |
| CVE-2023-6007 | UserPro <= 5.1.1 - Missing Authorization via multiple functions | - | UserPro - Community and User Profile WordPress Plugin | High | 7.3 | 2023-11-22 15:33:26 | Deep Dive |
| CVE-2023-2446 | UserPro <= 5.1.1 - Sensitive Information Disclosure via Shortcode | - | UserPro - Community and User Profile WordPress Plugin | Medium | 6.5 | 2023-11-22 07:32:12 | Deep Dive |
| CVE-2023-2447 | UserPro <= 5.1.1 - Cross-Site Request Forgery to Sensitive Information Exposure | - | UserPro - Community and User Profile WordPress Plugin | Medium | 6.1 | 2023-11-22 07:32:12 | Deep Dive |
| CVE-2023-47669 | WordPress Profile Builder Plugin <= 3.10.3 is vulnerable to Cross Site Request Forgery (CSRF) | Cozmoslabs | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | Medium | 5.4 | 2023-11-13 00:55:28 | Deep Dive |
| CVE-2023-3996 | ARMember Lite - Membership Plugin <= 4.0.16 - Authenticated (Administrator+) Stored Cross-Site Scripting | reputeinfosystems | ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | Medium | 4.4 | 2023-10-20 07:29:30 | Deep Dive |
| CVE-2023-3342 | User Registration <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Upload | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Critical | 9.9 | 2023-07-13 02:04:15 | Deep Dive |
| CVE-2023-3343 | User Registration <= 3.0.1 - Authenticated (Subscriber+) PHP Object Injection | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | High | 8.8 | 2023-07-13 02:04:15 | Deep Dive |
| CVE-2023-3011 | ARMember <= 4.0.5 - Cross-Site Request Forgery | reputeinfosystems | ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | Medium | 6.5 | 2023-07-12 04:38:44 | Deep Dive |
| CVE-2023-2297 | Profile Builder – User Profile & User Registration Forms <= 3.9.0 - Insecure Password Reset Mechanism | cozmoslabs | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | Critical | 9.8 | 2023-04-26 23:30:18 | Deep Dive |
| CVE-2022-47444 | WordPress ProfilePress Plugin <= 4.4.1 is vulnerable to Cross Site Scripting (XSS) | ProfilePress Membership Team | Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | High | 7.1 | 2023-03-29 12:35:45 | Deep Dive |
| CVE-2022-38971 | WordPress BuddyForms Plugin <= 2.7.5 is vulnerable to Cross Site Scripting (XSS) | ThemeKraft | Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions | Medium | 4.7 | 2023-03-16 08:49:16 | Deep Dive |
| CVE-2023-0814 | Profile Builder – User Profile & User Registration Forms <= 3.9.0 - Sensitive Information Disclosure via Shortcode | cozmoslabs | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | Medium | 6.5 | 2023-02-14 01:13:13 | Deep Dive |
| CVE-2022-4831 | Custom User Profile Fields for User Registration & Member Frontend Profiles with Paid Memberships Pro < 1.8.1 - Contributor+ Stored XSS via Shortcode | Unknown | Custom User Profile Fields for User Registration & Member Frontend Profiles with Paid Memberships Pro | 中危 | - | 2023-01-30 20:31:56 | Deep Dive |
| CVE-2022-4697 | ProfilePress <= 4.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 5.5 | 2022-12-23 15:11:46 | Deep Dive |
| CVE-2022-4698 | ProfilePress <= 4.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Form Settings | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 5.5 | 2022-12-23 15:09:51 | Deep Dive |
| CVE-2022-4519 | WP User <= 7.0 - Authenticated (Administrator+) Stored Cross-Site Scripting | walkeprashant | WP User – Custom Registration Forms, Login and User Profile | Medium | 5.5 | 2022-12-15 19:19:18 | Deep Dive |
| CVE-2022-3383 | Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Admin+) Remote Code Execution via Multi-Select | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | High | 7.2 | 2022-11-29 20:40:10 | Deep Dive |