Profilepress
This hub aggregates every CVE we track for Profilepress, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
35
CVEs tracked
4
Critical
5
High
0
In CISA KEV
Severity distribution
MEDIUM25HIGH5CRITICAL4LOW1
Monthly trend
0
0
0
1
1
4
0
3
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Profilepress.
- CVE-2026-41556WordPress ProfilePress plugin <= 4.16.13 - Cross Site Scripting (XSS) vulnerability6.5
- CVE-2024-13120ProfilePress < 4.15.20 - Admin+ Stored XSS4.8
- CVE-2024-13121Paid Membership Plugin < 4.15.20 - Admin+ Stored XSS3.5
- CVE-2024-13119ProfilePress < 4.15.20 - Admin+ Stored XSS4.8
- CVE-2024-10517ProfilePress < 4.15.15 - Admin+ Stored XSS4.8
- CVE-2024-10518ProfilePress < 4.15.15 - Admin+ Stored XSS4.8
- CVE-2023-41953WordPress ProfilePress plugin <= 4.13.1 - Broken Access Control vulnerability5.3
- CVE-2023-50882WordPress ProfilePress plugin <= 4.13.2 - Broken Access Control vulnerability5.3
- CVE-2024-11083ProfilePress <= 4.15.18 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure5.3
- CVE-2024-9947ProfilePress - Pro <= 4.11.1 - Authentication Bypass via WordPress.com OAuth provider8.1
- CVE-2024-2861ProfilePress <= 4.15.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via ProfilePress User Panel Widget6.4
- CVE-2023-41954WordPress ProfilePress plugin <= 4.13.1 - Unauthenticated Limited Privilege Escalation vulnerability8.6
- CVE-2024-2867Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.4 - Authenticated (Contributor+) Stored Cross-Site Scripting6.4
- CVE-2024-3210Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'reg-single-checkbox'6.4
- CVE-2024-1806ProfilePress <= 4.15.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via profilepress-edit-profile Shortcode6.4
Product normalization is registry-driven with AI assist and human review. How it works