CVE-2022-47444: WordPress ProfilePress Plugin <= 4.4.1 is vulnerable to Cross Site Scripting (XSS)
First published: Wed Mar 29 2023(Updated: )
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin <= 4.5.3 versions.
Credit: audit@patchstack.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Properfraction Profilepress | <=4.5.3 |
Remedy
Update to 4.5.4 or a higher version.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2022-47444.
What is the severity of CVE-2022-47444?
The severity of CVE-2022-47444 is high, with a CVSS score of 6.1.
What is the affected software?
The affected software is ProfilePress plugin version 4.5.3 and below.
How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability through unauthenticated reflected cross-site scripting (XSS).
Is there a patch available for this vulnerability?
Yes, a patch is available for this vulnerability. Please refer to the reference URL for more information.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/remedy
- agent/severity
- agent/weakness
- agent/title
- agent/references
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- vendor/properfraction
- canonical/properfraction profilepress
- version/properfraction profilepress/4.5.3