Profilepress

profilepress

5 CVEs • 2 products

Products (2)

Click to collapse

Toggle

User Registration, Login Form, User Profile & Membership

user_registration,_login_form,_user_profile_&_membership

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-24955 1Profilepress 1User Registration, Login Form, User Profile & Membership Jun 17, 2026 Dec 13, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The User Registration, Login Form, User Profile & Membership WordPress plugin before 3.2.3 does not escape the data parameter of the pp_get_forms_by_builder_type AJAX action before outputting it back in an attribute, lea...Show more The User Registration, Login Form, User Profile & Membership WordPress plugin before 3.2.3 does not escape the data parameter of the pp_get_forms_by_builder_type AJAX action before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issueShow less
CVE-2021-24954 1Profilepress 1User Registration, Login Form, User Profile & Membership Jun 17, 2026 Dec 13, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The User Registration, Login Form, User Profile & Membership WordPress plugin before 3.2.3 does not sanitise and escape the ppress_cc_data parameter before outputting it back in an attribute of an admin dashboard page, l...Show more The User Registration, Login Form, User Profile & Membership WordPress plugin before 3.2.3 does not sanitise and escape the ppress_cc_data parameter before outputting it back in an attribute of an admin dashboard page, leading to a Reflected Cross-Site Scripting issueShow less
CVE-2021-24939 1Profilepress 1Loginwp Jun 17, 2026 Dec 6, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The LoginWP (Formerly Peter's Login Redirect) WordPress plugin before 3.0.0.5 does not sanitise and escape the rul_login_url and rul_logout_url parameter before outputting them back in attributes in an admin page, leadin...Show more The LoginWP (Formerly Peter's Login Redirect) WordPress plugin before 3.0.0.5 does not sanitise and escape the rul_login_url and rul_logout_url parameter before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting issueShow less
CVE-2016-10925 1Profilepress 1Loginwp Nov 21, 2024 Aug 22, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The peters-login-redirect plugin before 2.9.1 for WordPress has XSS during the editing of redirect URLs.
CVE-2019-15115 1Profilepress 1Loginwp Jun 17, 2026 Aug 16, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF.