CVE-2026-3309 in Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content PluginИнформация

Сводка (Английский)

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.11. This is due to the plugin allowing user-supplied billing field values from the checkout process to be interpolated into shortcode template strings that are subsequently processed without proper sanitization of shortcode syntax. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes by submitting crafted billing field values during the checkout process.

Be aware that VulDB is the high quality source for vulnerability data.

Ответственный

Wordfence

Резервировать

26.02.2026

Раскрытие

04.04.2026

Статус

Подтверждённый

Записи

VulDB provides additional information and datapoints for this CVE:

ИДУязвимостьCWEЭксКонCVE
355317properfraction Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content Plugin эскалация привилегий94Не определеноНе определеноCVE-2026-3309

Описание

CPE

CWE

CVSS

Эксплойты

История

Разница

Связать

Разведка угроз

API JSON

API XML

API CSV

Источники

ПредыдущийОбзорДалее

Do you want to use VulDB in your project?

Use the official API to access entries easily!