CVE-2024-1806
published 2024-03-13CVE-2024-1806: The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to…
PriorityP424medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
EPSS
0.56%
42.5th percentile
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.15.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| properfraction | profilepress | < 4.15.2 | 4.15.2 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
ProfilePress Plugin up to 4.15.1 on WordPress Shortcode cross site scripting
vuldb·2026-04-12·CVSS 6.4
CVE-2024-1806 [MEDIUM] ProfilePress Plugin up to 4.15.1 on WordPress Shortcode cross site scripting
A vulnerability labeled as problematic has been found in ProfilePress Plugin up to 4.15.1 on WordPress. This impacts an unknown function of the component Shortcode Handler. The manipulation results in cross site scripting.
This vulnerability is known as CVE-2024-1806. It is possible to launch the attack remotely. No exploit is available.
GHSA
GHSA-f67x-2xxx-wc98: The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vuln
ghsa_unreviewed·2024-03-13
CVE-2024-1806 [MEDIUM] CWE-79 GHSA-f67x-2xxx-wc98: The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vuln
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.15.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Suricata
GPL EXPLOIT unicode directory traversal attempt
suricata·2010-09-23
CVE-2000-0884 GPL EXPLOIT unicode directory traversal attempt
GPL EXPLOIT unicode directory traversal attempt
Rule: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"GPL EXPLOIT unicode directory traversal attempt"; flow:established,to_server; content:"/..%c1%1c../"; nocase; reference:bugtraq,1806; reference:cve,2000-0884; reference:nessus,10537; classtype:web-application-attack; sid:2100982; rev:14; metadata:created_at 2010_09_23, cve CVE_2000_0884, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, updated_at 2024_11_26, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1083, mitre_technique_name File_And_Directory_Discovery; target:dest_ip;)
Suricata
GPL EXPLOIT unicode directory traversal attempt
suricata·2010-09-23
CVE-2000-0884 GPL EXPLOIT unicode directory traversal attempt
GPL EXPLOIT unicode directory traversal attempt
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"GPL EXPLOIT unicode directory traversal attempt"; flow:established,to_server; http.uri.raw; content:"/..%c0%af../"; nocase; reference:bugtraq,1806; reference:cve,2000-0884; reference:nessus,10537; classtype:web-application-attack; sid:2100981; rev:17; metadata:created_at 2010_09_23, cve CVE_2000_0884, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, updated_at 2024_11_26, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1083, mitre_technique_name File_And_Directory_Discovery; target:dest_ip;)
Suricata
GPL EXPLOIT unicode directory traversal attempt
suricata·2010-09-23
CVE-2000-0884 GPL EXPLOIT unicode directory traversal attempt
GPL EXPLOIT unicode directory traversal attempt
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"GPL EXPLOIT unicode directory traversal attempt"; flow:established,to_server; http.uri.raw; content:"/..%c1%9c../"; reference:bugtraq,1806; reference:cve,2000-0884; reference:nessus,10537; classtype:web-application-attack; sid:2100983; rev:22; metadata:created_at 2010_09_23, cve CVE_2000_0884, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, updated_at 2024_11_26, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1083, mitre_technique_name File_And_Directory_Discovery; target:dest_ip;)
Suricata
GPL ATTACK_RESPONSE file copied ok
suricata·2010-09-23
CVE-2000-0884 GPL ATTACK_RESPONSE file copied ok
GPL ATTACK_RESPONSE file copied ok
Rule: alert http $HTTP_SERVERS any -> $EXTERNAL_NET any (msg:"GPL ATTACK_RESPONSE file copied ok"; flow:established,to_client; file.data; content:"1 file|28|s|29| copied"; nocase; reference:bugtraq,1806; reference:cve,2000-0884; classtype:bad-unknown; sid:2100497; rev:15; metadata:created_at 2010_09_23, cve CVE_2000_0884, confidence Medium, signature_severity Informational, updated_at 2024_04_03;)
No public exploits indexed.
No writeups or analysis indexed.
https://plugins.trac.wordpress.org/browser/wp-user-avatar/tags/4.15.0/src/ShortcodeParser/EditProfileTag.php#L76https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3040292%40wp-user-avatar%2Ftrunk&old=3038677%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=https://www.wordfence.com/threat-intel/vulnerabilities/id/d3b9d0ab-d785-4e93-9ab8-f75673a27334?source=cvehttps://plugins.trac.wordpress.org/browser/wp-user-avatar/tags/4.15.0/src/ShortcodeParser/EditProfileTag.php#L76https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3040292%40wp-user-avatar%2Ftrunk&old=3038677%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=https://www.wordfence.com/threat-intel/vulnerabilities/id/d3b9d0ab-d785-4e93-9ab8-f75673a27334?source=cve
2024-03-13
Published