CVE-2022-4698
The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several form fields in versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
We have discovered 7,452 live websites that are affected by CVE-2022-4698.
Affected Software
| Product |  ProfilePress |
| Category | Wordpress Plugins |
| Vulnerable Domains | 7,452 live websites (13.42% of ProfilePress install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 61 versions ( 53.98% of all versions) |
Details
- Published - Dec 23, 2022
- Updated - Jan 14, 2025
Credits
- Ivan Kuzymchak (finder)
CVE References
CVE-2022-4698 usage by Country
 United States | 2,561 websites |
 Japan | 1,104 websites |
 Germany | 696 websites |
 France | 375 websites |
 Russia | 248 websites |
 Poland | 219 websites |
 Brazil | 188 websites |
 GB | 183 websites |
 Spain | 165 websites |
 Italy | 161 websites |
CVE-2022-4698 usage by TLD
| .com | 3,399 websites |
| .de | 314 websites |
| .org | 307 websites |
| .net | 266 websites |
| .com.br | 250 websites |
| .jp | 231 websites |
| .ru | 200 websites |
| .pl | 189 websites |
| .it | 138 websites |
| .co.uk | 122 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2022-4698
Top websites that are affected by CVE-2022-4698. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **********.com | United States | *,*** | |
| *********.com | Japan | **,*** | |
| ****************.com | United States | **,*** | |
| ************.com | United States | **,*** | |
| ***************.net | United States | **,*** | |
| ************.com | Japan | **,*** | |
| *********.com | United States | **,*** | |
| ***********.****.org | United States | **,*** | |
| **************.com | United States | **,*** | |
| *********.net | United States | **,*** |
FAQ
A total of 7,452 websites have been identified as vulnerable to CVE-2022-4698, discovered through global website indexing conducted by WebTechSurvey.
ProfilePress is susceptible to CVE-2022-4698 vulnerability.
ProfilePress versions before, and including, 4.5 are vulnerable to CVE-2022-4698.