Lucene search
WpvulndbWPVDB-ID:C628C84B-8096-4096-A3BF-0404E7B096E9HistoryJan 19, 2024 - 12:00 a.m.
BP Profile Search < 5.6 - Reflected Cross-Site Scripting via BPS_FORM
2024-01-1900:00:00
wpscan.com
5
wordpress
vulnerability
reflected cross-site scripting
input sanitization
Description The BP Profile Search plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ BPS_FORM’ parameter in versions up to, and including, 5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 5.6 |
Related
cvelist
cvelist
nvd
nvd
CVE-2024-22293
2024-01-31 18:15:49
prion
prion
Cross site scripting
2024-01-31 18:15:00
cve
cve
CVE-2024-22293
2024-01-31 18:15:49
wordfence
wordfence
6.5 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.0%
Related for WPVDB-ID:C628C84B-8096-4096-A3BF-0404E7B096E9