PT-2025-33593 · WordPress · Profilepress
Kishan Vyas
+1
·
Published
2025-08-16
·
Updated
2025-08-16
·
CVE-2025-8878
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
ProfilePress versions prior to 4.16.5
Description:
The ProfilePress WordPress plugin is susceptible to arbitrary shortcode execution. The software does not properly validate a value before running
do shortcode, allowing unauthenticated attackers to execute arbitrary shortcodes. This could potentially allow attackers to modify user data or steal information.Recommendations:
Update to ProfilePress version 4.16.5 or later.
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Profilepress