WordPress Plugin Vulnerabilities
ProfilePress < 3.1.11 - Multiple Vulnerabilities
Description
The plugin changelog stated multiple vulnerability fixes, including Cross-Site Scripting (XSS), SQL escaping and redirection validation. The changelog stated: - Fixed missing sql unescaping in member directory search. - Validate redirect_to urls to prevent redirect to another site. - XSS fix by escaping variables in tab widget.
Affects Plugins
Fixed in version 3.1.11
References
Classification
Type
MULTI
Miscellaneous
Verified
No
Timeline
Publicly Published
2021-07-10 (about 1 years ago)
Added
2021-07-10 (about 1 years ago)
Last Updated
2021-07-10 (about 1 years ago)