CVE-2023-44150 — Sensitive Information Exposure in Profilepress

CWE-200 — Sensitive Information Exposure2 documents2 sources

Severity

7.5HIGHNVD

EPSS

0.6%

top 30.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Properfraction Profilepress

Timeline

PublishedNov 30

Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress.This issue affects Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress: from n/a through 4.13.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDproperfraction/profilepress< 4.13.3

🔴Vulnerability Details

GHSA

GHSA-vmpx-77rh-vj42: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registrati↗2023-11-30

▶