CVE-2024-1408 in ProfilePress PluginИнформация

Сводка

по MITRE • 29.02.2024

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edit-profile-text-box shortcode in all versions up to, and including, 4.14.4 due to insufficient input sanitization and output escaping on user supplied attributes such as 'type'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Ответственный

Wordfence

Резервировать

09.02.2024

Раскрытие

29.02.2024

Модерация

принято

Вход

VDB-254155

EPSS

0.00598

KEV

Нет

Деятельности

Очень низкий

Сектор

Hostingprovider

Источники

Want to know what is going to be exploited?

We predict KEV entries!