Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

properfraction — Vulnerabilities & Security Advisories 27

Browse all 27 CVE security advisories affecting properfraction. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by properfraction:Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePresskk Star RatingsCrawlWP SEO – Instant Search Engine Indexing & SEO Performance MonitorMailOptin – Popup, Optin Forms & Email Newsletters for Mailchimp, HubSpot, AWeber Etc.ProfilePressRate My Post – Star Rating Plugin by FeedbackWPkk Star Ratings – Rate Post & Collect User FeedbacksMailOptin
CVE IDTitleCVSSSeverityPublished
CVE-2026-4949 ProfilePress <= 4.16.12 - Missing Authorization to Authenticated (Subscriber+) Inactive Membership Plan Subscription — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressCWE-862 4.3 Medium2026-04-15
CVE-2026-3309 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.11 - Unauthenticated Arbitrary Shortcode Execution via Checkout Billing Fields — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressCWE-94 6.5 Medium2026-04-04
CVE-2026-3445 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.11 - Missing Authorization to Authenticated (Subscriber+) Membership Payment Bypass — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressCWE-862 7.1 High2026-04-04
CVE-2026-3453 ProfilePress <= 4.16.11 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Subscription Cancellation/Expiration — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressCWE-639 8.1 High2026-03-11
CVE-2025-13642 ProfilePress <= 4.16.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressCWE-94 5.4 Medium2025-12-09
CVE-2025-58596 WordPress MailOptin Plugin <= 1.2.75.0 - Cross Site Scripting (XSS) Vulnerability — MailOptinCWE-79 5.9 Medium2025-09-03
CVE-2025-8878 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.4 - Unauthenticated Arbitrary Shortcode Execution — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressCWE-94 6.5 Medium2025-08-16
CVE-2023-46639 WordPress kk Star Ratings plugin <= 5.4.5 - Broken Access Control vulnerability — kk Star RatingsCWE-862 5.3 Medium2025-01-02
CVE-2024-11977 kk Star Ratings – Rate Post & Collect User Feedbacks <= 5.4.10 - Unauthenticated Arbitrary Shortcode Execution — kk Star Ratings – Rate Post & Collect User FeedbacksCWE-94 7.3 High2024-12-21
CVE-2023-36528 WordPress kk Star Ratings plugin <= 5.4.3 - Rate Manipulation due to IP Spoofing Vulnerability — kk Star RatingsCWE-862 5.3 Medium2024-12-13
CVE-2024-12309 Rate My Post – Star Rating Plugin by FeedbackWP <= 4.2.4 - Unauthenticated Voting On Scheduled Posts — Rate My Post – Star Rating Plugin by FeedbackWPCWE-639 5.3 Medium2024-12-13
CVE-2023-50882 WordPress ProfilePress plugin <= 4.13.2 - Broken Access Control vulnerability — ProfilePressCWE-862 7.1 -2024-12-09
CVE-2024-11083 ProfilePress <= 4.15.18 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressCWE-200 5.3 Medium2024-11-27
CVE-2024-8628 Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber – MailOptin <= 1.2.70.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — MailOptin – Popup, Optin Forms & Email Newsletters for Mailchimp, HubSpot, AWeber Etc.CWE-79 5.4 Medium2024-09-24
CVE-2024-2861 ProfilePress <= 4.15.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via ProfilePress User Panel Widget — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressCWE-79 6.4 Medium2024-05-23
CVE-2024-2867 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressCWE-20 6.4 Medium2024-05-02
CVE-2024-3210 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'reg-single-checkbox' — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressCWE-79 6.4 Medium2024-04-10
CVE-2024-1806 ProfilePress <= 4.15.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via profilepress-edit-profile Shortcode — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressCWE-79 6.4 Medium2024-03-13
CVE-2024-1409 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressCWE-79 6.4 Medium2024-03-13
CVE-2024-1535 ProfilePress <= 4.15.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressCWE-79 6.4 Medium2024-03-13
CVE-2024-1408 ProfilePress <= 4.14.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via [edit-profile-text-box] shortcode — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressCWE-79 6.4 Medium2024-02-20
CVE-2024-1519 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.14.4 - Unauthenticated Stored Cross-Site Scripting — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressCWE-79 6.5 Medium2024-02-20
CVE-2024-1570 ProfilePress <= 4.14.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressCWE-79 6.4 Medium2024-02-20
CVE-2024-0428 Index Now <= 2.6.3 - Cross-Site Request Forgery via reset_form — CrawlWP SEO – Instant Search Engine Indexing & SEO Performance MonitorCWE-352 7.1 High2024-02-05
CVE-2024-1046 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressCWE-79 6.4 Medium2024-02-05
CVE-2022-4697 ProfilePress <= 4.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressCWE-79 5.5 Medium2022-12-23
CVE-2022-4698 ProfilePress <= 4.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Form Settings — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressCWE-79 5.5 Medium2022-12-23

This page lists every published CVE security advisory associated with properfraction. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.