Browse all 8 CVE security advisories affecting ProfilePress Membership Team. AI-powered Chinese analysis, POCs, and references for each vulnerability.
ProfilePress Membership Team develops WordPress membership and access control plugins, enabling user registration, content restriction, and payment processing. Historically, their plugins have been vulnerable to multiple security issues including remote code execution, cross-site scripting, privilege escalation, and authentication bypass vulnerabilities. The team has addressed at least eight CVEs, with several critical flaws allowing unauthorized access or complete site compromise. While no major public security incidents have been documented, the consistent pattern of vulnerabilities in their access control components suggests ongoing challenges in secure coding practices, particularly in input validation and permission management.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-41953 | WordPress ProfilePress plugin <= 4.13.1 - Broken Access Control vulnerability — ProfilePressCWE-862 | 5.3 | Medium | 2024-12-09 |
| CVE-2023-41954 | WordPress ProfilePress plugin <= 4.13.1 - Unauthenticated Limited Privilege Escalation vulnerability — ProfilePressCWE-269 | 8.6 | High | 2024-05-17 |
| CVE-2023-23830 | WordPress ProfilePress Plugin <= 4.5.4 is vulnerable to Cross Site Scripting (XSS) — ProfilePressCWE-79 | 7.1 | High | 2023-05-03 |
| CVE-2023-23820 | WordPress ProfilePress Plugin <= 4.5.4 is vulnerable to Cross Site Scripting (XSS) — ProfilePressCWE-79 | 6.5 | Medium | 2023-05-03 |
| CVE-2023-23996 | WordPress ProfilePress Plugin <= 4.5.3 is vulnerable to Cross Site Scripting (XSS) — ProfilePressCWE-79 | 5.9 | Medium | 2023-04-06 |
This page lists every published CVE security advisory associated with ProfilePress Membership Team. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.