Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress — Vulnerabilities & Security Advisories (20)

All 20 CVE vulnerabilities found in Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress, with AI-generated Chinese analysis, references, and POCs.

Vendor: properfraction

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-4949 | ProfilePress <= 4.16.12 - Missing Authorization to Authenticated (Subscriber+) Inactive Membership Plan Subscription | CWE-862 | 4.3 | Medium | 2026-04-15 |
| CVE-2026-3309 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.11 - Unauthenticated Arbitrary Shortcode Execution via Checkout Billing Fields | CWE-94 | 6.5 | Medium | 2026-04-04 |
| CVE-2026-3445 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.11 - Missing Authorization to Authenticated (Subscriber+) Membership Payment Bypass | CWE-862 | 7.1 | High | 2026-04-04 |
| CVE-2026-3453 | ProfilePress <= 4.16.11 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Subscription Cancellation/Expiration | CWE-639 | 8.1 | High | 2026-03-11 |
| CVE-2025-13642 | ProfilePress <= 4.16.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution | CWE-94 | 5.4 | Medium | 2025-12-09 |
| CVE-2025-8878 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.4 - Unauthenticated Arbitrary Shortcode Execution | CWE-94 | 6.5 | Medium | 2025-08-16 |
| CVE-2024-11083 | ProfilePress <= 4.15.18 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | CWE-200 | 5.3 | Medium | 2024-11-27 |
| CVE-2024-2861 | ProfilePress <= 4.15.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via ProfilePress User Panel Widget | CWE-79 | 6.4 | Medium | 2024-05-23 |
| CVE-2024-2867 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | CWE-20 | 6.4 | Medium | 2024-05-02 |
| CVE-2024-3210 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'reg-single-checkbox' | CWE-79 | 6.4 | Medium | 2024-04-10 |
| CVE-2024-1806 | ProfilePress <= 4.15.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via profilepress-edit-profile Shortcode | CWE-79 | 6.4 | Medium | 2024-03-13 |
| CVE-2024-1409 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode | CWE-79 | 6.4 | Medium | 2024-03-13 |
| CVE-2024-1535 | ProfilePress <= 4.15.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | CWE-79 | 6.4 | Medium | 2024-03-13 |
| CVE-2024-1408 | ProfilePress <= 4.14.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via [edit-profile-text-box] shortcode | CWE-79 | 6.4 | Medium | 2024-02-20 |
| CVE-2024-1519 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.14.4 - Unauthenticated Stored Cross-Site Scripting | CWE-79 | 6.5 | Medium | 2024-02-20 |
| CVE-2024-1570 | ProfilePress <= 4.14.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | CWE-79 | 6.4 | Medium | 2024-02-20 |
| CVE-2024-1046 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | CWE-79 | 6.4 | Medium | 2024-02-05 |
| CVE-2022-45083 | WordPress ProfilePress Plugin <= 4.3.2 is vulnerable to PHP Object Injection | CWE-502 | 6.6 | Medium | 2024-01-19 |
| CVE-2022-4697 | ProfilePress <= 4.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting | CWE-79 | 5.5 | Medium | 2022-12-23 |
| CVE-2022-4698 | ProfilePress <= 4.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Form Settings | CWE-79 | 5.5 | Medium | 2022-12-23 |
