ProfilePress < 3.1.11 - Cross-Site Scripting

Short Info

Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 week 22 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -

The ProfilePress plugin for WordPress before 3.1.11 is vulnerable to unauthenticated reflected cross-site scripting (XSS) via the tabbed login/register widget due to improper escaping of user input. Attackers can inject arbitrary JavaScript via the tabbed-login-name parameter.


Remediation:
Update the ProfilePress plugin to version 3.1.11 or later.