Filtered by vendor Profilepress
Subscriptions
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-24955 | 1 Profilepress | 1 User Registration\, Login Form\, User Profile \& Membership | 2021-12-17 | 6.1 Medium |
| The User Registration, Login Form, User Profile & Membership WordPress plugin before 3.2.3 does not escape the data parameter of the pp_get_forms_by_builder_type AJAX action before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue | ||||
| CVE-2021-24954 | 1 Profilepress | 1 User Registration\, Login Form\, User Profile \& Membership | 2021-12-16 | 6.1 Medium |
| The User Registration, Login Form, User Profile & Membership WordPress plugin before 3.2.3 does not sanitise and escape the ppress_cc_data parameter before outputting it back in an attribute of an admin dashboard page, leading to a Reflected Cross-Site Scripting issue | ||||
| CVE-2021-24939 | 1 Profilepress | 1 Loginwp | 2021-12-06 | 6.1 Medium |
| The LoginWP (Formerly Peter's Login Redirect) WordPress plugin before 3.0.0.5 does not sanitise and escape the rul_login_url and rul_logout_url parameter before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting issue | ||||
| CVE-2016-10925 | 1 Profilepress | 1 Loginwp | 2021-12-06 | N/A |
| The peters-login-redirect plugin before 2.9.1 for WordPress has XSS during the editing of redirect URLs. | ||||
| CVE-2019-15115 | 1 Profilepress | 1 Loginwp | 2021-12-06 | N/A |
| The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF. | ||||
Page 1 of 1.