CVE-2023-41954

HIGH EXPLOITED NUCLEI

Properfraction Profilepress < 4.13.2 - Improper Privilege Management

Title source: rule

Description

Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation.This issue affects ProfilePress: from n/a through 4.13.1.

Nuclei Templates (1)

ProfilePress <= 4.13.1 — Unauthenticated Privilege Escalation

HIGHVERIFIEDby daffainfo

Shodan: http.component:"profilepress"

FOFA: body="/wp-content/plugins/wp-user-avatar/"

References (1)

[Third Party Advisory] https://patchstack.com/database/vulnerability/wp-user-avatar/wordpress-profilepress-plugin-4-13-1-unauthenticated-limited-privilege-escalation-vulnerability?_s_id=cve

Scores

CVSS v3 8.6

EPSS 0.1672

EPSS Percentile 95.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Details

VulnCheck KEV 2023-09-12

CWE

CWE-269

Status published

Products (1)

properfraction/profilepress < 4.13.2

Published May 17, 2024

Tracked Since Feb 18, 2026