Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

properfraction — Vulnerabilities & Security Advisories 25

Browse all 25 CVE security advisories affecting properfraction. AI-powered Chinese analysis, POCs, and references for each vulnerability.

properfraction operates as a specialized software solution designed for fractional ownership management, facilitating the division and administration of high-value assets among multiple investors. Its core functionality involves handling complex financial transactions, user authentication, and asset valuation data, making it a critical component for fintech platforms. Historically, the software has exhibited vulnerabilities typical of web-based financial applications, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection. These flaws often stem from insufficient input validation and improper access controls, allowing attackers to escalate privileges or exfiltrate sensitive user data. With twenty-five CVEs currently on record, the attack surface remains significant. Recent incidents highlight risks associated with insecure direct object references and broken authentication mechanisms. Organizations utilizing this platform must prioritize rigorous patch management and continuous security auditing to mitigate the persistent threat of exploitation within its infrastructure.

Top products by properfraction: Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress CrawlWP SEO – Instant Search Engine Indexing & SEO Performance Monitor MailOptin – Popup, Optin Forms & Email Newsletters for Mailchimp, HubSpot, AWeber Etc. ProfilePress Rate My Post – Star Rating Plugin by FeedbackWP kk Star Ratings – Rate Post & Collect User Feedbacks MailOptin
CVE IDTitleCVSSSeverityPublished
CVE-2026-4949 ProfilePress <= 4.16.12 - Missing Authorization to Authenticated (Subscriber+) Inactive Membership Plan Subscription — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressCWE-862 4.3 Medium2026-04-15
CVE-2026-3309 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.11 - Unauthenticated Arbitrary Shortcode Execution via Checkout Billing Fields — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressCWE-94 6.5 Medium2026-04-04
CVE-2026-3445 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.11 - Missing Authorization to Authenticated (Subscriber+) Membership Payment Bypass — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressCWE-862 7.1 High2026-04-04
CVE-2026-3453 ProfilePress <= 4.16.11 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Subscription Cancellation/Expiration — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressCWE-639 8.1 High2026-03-11
CVE-2025-13642 ProfilePress <= 4.16.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressCWE-94 5.4 Medium2025-12-09
CVE-2025-58596 WordPress MailOptin Plugin <= 1.2.75.0 - Cross Site Scripting (XSS) Vulnerability — MailOptinCWE-79 5.9 Medium2025-09-03
CVE-2025-8878 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.4 - Unauthenticated Arbitrary Shortcode Execution — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressCWE-94 6.5 Medium2025-08-16
CVE-2024-11977 kk Star Ratings – Rate Post & Collect User Feedbacks <= 5.4.10 - Unauthenticated Arbitrary Shortcode Execution — kk Star Ratings – Rate Post & Collect User FeedbacksCWE-94 7.3 High2024-12-21
CVE-2024-12309 Rate My Post – Star Rating Plugin by FeedbackWP <= 4.2.4 - Unauthenticated Voting On Scheduled Posts — Rate My Post – Star Rating Plugin by FeedbackWPCWE-639 5.3 Medium2024-12-13
CVE-2023-50882 WordPress ProfilePress plugin <= 4.13.2 - Broken Access Control vulnerability — ProfilePressCWE-862 5.3 Medium2024-12-09
CVE-2024-11083 ProfilePress <= 4.15.18 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressCWE-200 5.3 Medium2024-11-27
CVE-2024-8628 Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber – MailOptin <= 1.2.70.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — MailOptin – Popup, Optin Forms & Email Newsletters for Mailchimp, HubSpot, AWeber Etc.CWE-79 5.4 Medium2024-09-24
CVE-2024-2861 ProfilePress <= 4.15.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via ProfilePress User Panel Widget — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressCWE-79 6.4 Medium2024-05-23
CVE-2024-2867 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressCWE-20 6.4 Medium2024-05-02
CVE-2024-3210 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'reg-single-checkbox' — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressCWE-79 6.4 Medium2024-04-10
CVE-2024-1806 ProfilePress <= 4.15.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via profilepress-edit-profile Shortcode — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressCWE-79 6.4 Medium2024-03-13
CVE-2024-1409 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressCWE-79 6.4 Medium2024-03-13
CVE-2024-1535 ProfilePress <= 4.15.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressCWE-79 6.4 Medium2024-03-13
CVE-2024-1408 ProfilePress <= 4.14.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via [edit-profile-text-box] shortcode — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressCWE-79 6.4 Medium2024-02-20
CVE-2024-1519 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.14.4 - Unauthenticated Stored Cross-Site Scripting — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressCWE-79 6.5 Medium2024-02-20
CVE-2024-1570 ProfilePress <= 4.14.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressCWE-79 6.4 Medium2024-02-20
CVE-2024-0428 Index Now <= 2.6.3 - Cross-Site Request Forgery via reset_form — CrawlWP SEO – Instant Search Engine Indexing & SEO Performance MonitorCWE-352 7.1 High2024-02-05
CVE-2024-1046 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressCWE-79 6.4 Medium2024-02-05
CVE-2022-4697 ProfilePress <= 4.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressCWE-79 5.5 Medium2022-12-23
CVE-2022-4698 ProfilePress <= 4.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Form Settings — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePressCWE-79 5.5 Medium2022-12-23

This page lists every published CVE security advisory associated with properfraction. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.