Profilepro
1 CVEs
product
Monthly
The ProfilePro WordPress plugin through 1.3 does not sanitise and escape some parameters and lacks proper access controls, which could allow users with a role as low as subscriber to perform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
WordPress
XSS
Profilepro
NVD
WPScan
CVSS 3.1
5.4
EPSS
0.1%
EPSS 0%
CVSS 5.4
MEDIUM
POC
This Month
The ProfilePro WordPress plugin through 1.3 does not sanitise and escape some parameters and lacks proper access controls, which could allow users with a role as low as subscriber to perform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
WordPress
XSS
Profilepro
NVD
WPScan