CVE-2022-47444 — Cross-site Scripting in Profilepress

CWE-79 — Cross-site Scripting2 documents2 sources

Severity

6.1MEDIUMNVD

EPSS

0.5%

top 34.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Properfraction Profilepress

Timeline

PublishedMar 29

Latest updateJul 6

Description

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin <= 4.5.3 versions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDproperfraction/profilepress4.5.3

🔴Vulnerability Details

GHSA

GHSA-m5gq-rxm3-279g: Unauth↗2023-07-06

▶