CVE-2024-6668

Name of the Vulnerable Software and Affected Versions: ProfilePro WordPress plugin versions 1.3 and earlier

Description: The issue concerns a lack of proper sanitization and escaping of certain parameters, combined with inadequate access controls. This could potentially allow users with a role as low as subscriber to perform Cross-Site Scripting attacks.

Recommendations: For ProfilePro WordPress plugin versions 1.3 and earlier, consider updating to a version that addresses the sanitization and access control issues. As a temporary workaround, restrict access to sensitive areas of the plugin to minimize the risk of exploitation. Avoid using vulnerable parameters in affected API endpoints until the issue is resolved.