ProfilePress Membership Team — Vulnerabilities & Security Advisories (8)

Browse all 8 CVE security advisories affecting ProfilePress Membership Team. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ProfilePress Membership Team develops WordPress membership and access control plugins, enabling user registration, content restriction, and payment processing. Historically, their plugins have been vulnerable to multiple security issues including remote code execution, cross-site scripting, privilege escalation, and authentication bypass vulnerabilities. The team has addressed at least eight CVEs, with several critical flaws allowing unauthorized access or complete site compromise. While no major public security incidents have been documented, the consistent pattern of vulnerabilities in their access control components suggests ongoing challenges in secure coding practices, particularly in input validation and permission management.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-41953 | WordPress ProfilePress plugin <= 4.13.1 - Broken Access Control vulnerability | ProfilePress | CWE-862 | 5.3 | Medium | 2024-12-09 |
| CVE-2023-41954 | WordPress ProfilePress plugin <= 4.13.1 - Unauthenticated Limited Privilege Escalation vulnerability | ProfilePress | CWE-269 | 8.6 | High | 2024-05-17 |
| CVE-2022-45083 | WordPress ProfilePress Plugin <= 4.3.2 is vulnerable to PHP Object Injection | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | CWE-502 | 6.6 | Medium | 2024-01-19 |
| CVE-2023-44150 | WordPress ProfilePress Plugin <= 4.13.2 is vulnerable to Sensitive Data Exposure | Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | CWE-200 | 7.5 | High | 2023-11-30 |
| CVE-2023-23830 | WordPress ProfilePress Plugin <= 4.5.4 is vulnerable to Cross Site Scripting (XSS) | ProfilePress | CWE-79 | 7.1 | High | 2023-05-03 |
| CVE-2023-23820 | WordPress ProfilePress Plugin <= 4.5.4 is vulnerable to Cross Site Scripting (XSS) | ProfilePress | CWE-79 | 6.5 | Medium | 2023-05-03 |
| CVE-2023-23996 | WordPress ProfilePress Plugin <= 4.5.3 is vulnerable to Cross Site Scripting (XSS) | ProfilePress | CWE-79 | 5.9 | Medium | 2023-04-06 |
| CVE-2022-47444 | WordPress ProfilePress Plugin <= 4.4.1 is vulnerable to Cross Site Scripting (XSS) | Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | CWE-79 | 7.1 | High | 2023-03-29 |

This page lists every published CVE security advisory associated with ProfilePress Membership Team. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.