Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress — Plugin Vulnerabilities

N/A

2026-04-23< 4.16.14

Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.13 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Wordfence CVE

Medium 4.3

2026-04-15< 4.16.13

CVE-2026-4949

CVE Wordfence EUVD

N/A

2026-03-10< 4.16.12

ProfilePress <= 4.16.11 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Subscription Cancellation/Expiration

Wordfence CVE

N/A

2026-04-03< 4.16.12

Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.11 - Unauthenticated Arbitrary Shortcode Execution via Checkout Billing Fields

Wordfence CVE

N/A

2026-04-03< 4.16.12

Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.11 - Missing Authorization to Authenticated (Subscriber+) Membership Payment Bypass

Wordfence CVE

Medium 5.4

2025-12-09< 4.16.8

CVE-2025-13642

CVE Wordfence

Medium 6.5

2025-08-16< 4.16.5

Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.4 - Unauthenticated Arbitrary Shortcode Execution

EUVD Wordfence CVE

Low 3.5

2025-02-13< 4.15.20

CVE-2024-13121

CVE EUVD Wordfence

Medium 4.8

2025-02-13< 4.15.20

CVE-2024-13119

CVE EUVD Wordfence

Medium 4.8

2025-02-13< 4.15.20

CVE-2024-13120

CVE EUVD Wordfence

Medium 4.8

2024-12-12< 4.15.15

CVE-2024-10518

CVE Wordfence

Medium 4.8

2024-12-12< 4.15.15

CVE-2024-10517

CVE Patchstack Wordfence

Medium 5.3

2024-11-27< 4.15.19

CVE-2024-11083

CVE Patchstack Wordfence

Medium 5.4

2024-05-23< 4.15.9

CVE-2024-2861

CVE Patchstack Wordfence

Medium 5.4

2024-05-02< 4.15.5

CVE-2024-2867

CVE Patchstack Wordfence

Medium 5.4

2024-04-10< 4.15.6

CVE-2024-3210

CVE Wordfence Patchstack

Medium 5.4

2024-03-13< 4.15.3

CVE-2024-1535

CVE Wordfence Patchstack WPScan

Medium 5.4

2024-03-13< 4.15.1

CVE-2024-1409

CVE Wordfence Patchstack WPScan

Medium 5.4

2024-03-13< 4.15.1

CVE-2024-1806

CVE Wordfence Patchstack WPScan

Medium 6.1

2024-02-20< 4.15.0

CVE-2024-1519

CVE Wordfence Patchstack WPScan

Medium 5.4

2024-02-20< 4.15.0

CVE-2024-1570

CVE Wordfence Patchstack WPScan

Medium 5.4

2024-02-20< 4.15.0

CVE-2024-1408

CVE Wordfence Patchstack WPScan

Medium 5.4

2024-02-05< 4.14.4

CVE-2024-1046

CVE Wordfence Patchstack WPScan

Medium 5.3

2024-12-26< 4.13.3

WordPress ProfilePress Plugin <= 4.13.2 is vulnerable to Broken Access Control

Patchstack CVE

High 7.5

2023-11-30< 4.13.3

CVE-2023-44150

CVE Patchstack Wordfence WPScan

High 8.6

2024-05-17< 4.13.2

CVE-2023-41954

CVE Patchstack WPScan

Medium 5.3

2024-12-09< 4.13.2

CVE-2023-41953

CVE Patchstack WPScan

N/A

2023-09-09< 4.13.2

ProfilePress <= 4.13.1 Cross-Site Request Forgery via 'admin_notice'

Wordfence

N/A

2023-09-09< 4.13.2

ProfilePress <= 4.13.1 - Limited Privilege Escalation via 'acceptable_defined_roles'

Wordfence

N/A

< 3.1.11

ProfilePress < 3.1.11 - Multiple Vulnerabilities

WPScan

N/A

2023-06-26< 4.11.0

WordPress ProfilePress Plugin < 4.11.0 is vulnerable to Cross Site Scripting (XSS)

Patchstack

N/A

2023-06-23< 4.11.0

ProfilePress <= 4.10.3 - Reflected Cross-Site Scripting via error message

Wordfence

High 7.1

2023-05-03< 4.5.5

CVE-2023-23830

CVE Patchstack Wordfence WPScan

Medium 6.5

2023-05-03< 4.5.5

CVE-2023-23820

CVE Patchstack Wordfence WPScan

High 7.1

2023-03-29< 4.5.5

CVE-2022-47444

CVE Wordfence Patchstack WPScan

Medium 5.9

2023-04-06< 4.5.4

CVE-2023-23996

CVE Patchstack Wordfence WPScan

Medium 4.8

2022-12-26< 4.5.1

WordPress ProfilePress Plugin <= 4.5.0 is vulnerable to Cross Site Scripting (XSS)

Patchstack CVE Wordfence WPScan

Medium 4.8

2022-12-26< 4.5.1

WordPress ProfilePress Plugin <= 4.5.0 is vulnerable to Cross Site Scripting (XSS)

Patchstack CVE Wordfence WPScan

N/A

2022-07-22< 3.2.16

WordPress Membership, User Registration, Login Form, User Profile & Restrict Content Plugin – ProfilePress <= 3.2.15 - Reflected Cross-Site Scripting

Wordfence

Medium 6.6

2024-01-19< 4.4.0

CVE-2022-45083

CVE Patchstack Wordfence

Critical 9.8

2021-07-07≥ 3.0.0 and ≤ 3.1.3

CVE-2021-34624

CVE Patchstack Wordfence WPScan

Critical 9.8

2021-07-07≥ 3.0.0 and ≤ 3.1.3

CVE-2021-34623

CVE Patchstack Wordfence WPScan

High 8.8

2021-07-07≥ 3.0.0 and ≤ 3.1.3

CVE-2021-34622

CVE Patchstack Wordfence WPScan

Critical 9.8

2021-07-07≥ 3.0.0 and ≤ 3.1.3

CVE-2021-34621

CVE Patchstack Wordfence WPScan

Medium 4.8

2021-08-02< 3.1.8

CVE-2021-24450

CVE Patchstack Wordfence WPScan

Medium 6.1

2021-08-09< 3.1.11

CVE-2021-24522

CVE Wordfence WPScan

Medium 6.1

2021-12-13< 3.2.3

CVE-2021-24955

CVE Wordfence WPScan

Medium 6.1

2021-12-13< 3.2.3

CVE-2021-24954

CVE Wordfence WPScan