Properfraction Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – Profilepress
19 CVEs affecting Properfraction Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – Profilepress. Latest disclosed: 2026-04-15. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-3453 | High | 8.1 | 2026-03-11 | The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing o… |
CVE-2026-3445 | High | 7.1 | 2026-04-04 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to… |
CVE-2026-3309 | Medium | 6.5 | 2026-04-04 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to… |
CVE-2025-8878 | Medium | 6.5 | 2025-08-16 | The The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerabl… |
CVE-2024-1519 | Medium | 6.5 | 2024-02-20 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to… |
CVE-2024-2861 | Medium | 6.4 | 2024-05-23 | The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ProfilePress User Panel widget in all versions up to, and including… |
CVE-2024-2867 | Medium | 6.4 | 2024-05-02 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to… |
CVE-2024-3210 | Medium | 6.4 | 2024-04-10 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to… |
CVE-2024-1806 | Medium | 6.4 | 2024-03-13 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to… |
CVE-2024-1409 | Medium | 6.4 | 2024-03-13 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to… |
CVE-2024-1535 | Medium | 6.4 | 2024-03-13 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to… |
CVE-2024-1408 | Medium | 6.4 | 2024-02-20 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to… |
CVE-2024-1570 | Medium | 6.4 | 2024-02-20 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to… |
CVE-2024-1046 | Medium | 6.4 | 2024-02-05 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to… |
CVE-2022-4697 | Medium | 5.5 | 2022-12-23 | The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wp_user_cover_default_image_url’ parameter in versions up to, and i… |
CVE-2022-4698 | Medium | 5.5 | 2022-12-23 | The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several form fields in versions up to, and including, 4.5.0 due to insuf… |
CVE-2025-13642 | Medium | 5.4 | 2025-12-09 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to… |
CVE-2024-11083 | Medium | 5.3 | 2024-11-27 | The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core sear… |
CVE-2026-4949 | Medium | 4.3 | 2026-04-15 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to… |