← Back

User Registration, Login Form, User Profile & Membership

user_registration,_login_form,_user_profile_&_membership

Vendor: Profilepress • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-24955
1Profilepress
1User Registration, Login Form, User Profile & Membership
Jun 17, 2026
Dec 13, 2021
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The User Registration, Login Form, User Profile & Membership WordPress plugin before 3.2.3 does not escape the data parameter of the pp_get_forms_by_builder_type AJAX action before outputting it back in an attribute, lea...Show more
The User Registration, Login Form, User Profile & Membership WordPress plugin before 3.2.3 does not escape the data parameter of the pp_get_forms_by_builder_type AJAX action before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issueShow less
CVE-2021-24954
1Profilepress
1User Registration, Login Form, User Profile & Membership
Jun 17, 2026
Dec 13, 2021
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The User Registration, Login Form, User Profile & Membership WordPress plugin before 3.2.3 does not sanitise and escape the ppress_cc_data parameter before outputting it back in an attribute of an admin dashboard page, l...Show more
The User Registration, Login Form, User Profile & Membership WordPress plugin before 3.2.3 does not sanitise and escape the ppress_cc_data parameter before outputting it back in an attribute of an admin dashboard page, leading to a Reflected Cross-Site Scripting issueShow less