CVE-2023-23996

WordPress ProfilePress Plugin <= 4.5.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin <= 4.5.3 versions.

We have discovered 3,380 live websites that are affected by CVE-2023-23996.

Affected Software


Product	ProfilePress
Category	Wordpress Plugins
Vulnerable Versions	from 0 through 4.5.3
Total Vulnerable Versions	95
Vulnerable Domains	3,380 live websites (17.23% of ProfilePress install base)

Common Weakness Enumeration

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Distribution by Website Rank

The diagram provides a graphic representation of the correlation between the occurrence of CVE-2023-23996 and the relative popularity of websites

Available Reports

Website List

Details

Published - Apr 6, 2023
Updated - Apr 6, 2023

Credits

Rio Darmawan (Patchstack Alliance) (finder)

CWE

CWE-79

CVE References

CWE References

cwe.mitre.org

Countries

United States	1,078 websites

Japan	365 websites
Germany	288 websites
France	175 websites
GB	149 websites
Italy	141 websites
Poland	100 websites
Spain	99 websites
Brazil	90 websites
Canada	59 websites

TLDs

.com	1,564 websites
.de	178 websites
.org	177 websites
.net	114 websites
.it	91 websites
.jp	85 websites
.co.uk	74 websites
.com.br	72 websites
.pl	71 websites
.fr	64 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Geographical Distribution

The distribution of websites across the globe that are exposed to CVE-2023-23996 through included software libraries and plugins.

References

https://patchstack.com/database/vulnerability/wp-user-avatar/wordpress-paid-membership-ecommerce-registration-form-login-form-user-profile-paywall-restrict-content-profilepress-plugin-4-5-3-cross-site-scripting-xss?_s_id=cve

Websites affected by CVE-2023-23996

Top websites that are affected by CVE-2023-23996. Please click on the "Contact us" button above to get more information.

Domain	Country	Rank
*.********.com	United States	,**
*********.com	Japan	,*
*.***.com	United States	,*
*.**************.com	United States	,*
*.****.com	United States	,*
************.com	United States	,*
***************.net	United States	,*
******.com	Estonia	,*
************.com	United States	,*
************.com	Japan	,*

See full domain list