CVE-2023-41954

HIGH EXPLOITED NUCLEI

ProfilePress < 4.13.1 - Unauthenticated Privilege Escalation

Title source: llm

Exploitation Summary

CVE-2023-41954 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.

Description

Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation.This issue affects ProfilePress: from n/a through 4.13.1.

Nuclei Templates (1)

ProfilePress <= 4.13.1 — Unauthenticated Privilege Escalation

HIGHVERIFIEDby daffainfo

Shodan: http.component:"profilepress"

FOFA: body="/wp-content/plugins/wp-user-avatar/"

References (1)

Core 1

Core References

Third Party Advisory vdb-entry

https://patchstack.com/database/vulnerability/wp-user-avatar/wordpress-profilepress-plugin-4-13-1-unauthenticated-limited-privilege-escalation-vulnerability?_s_id=cve

Scores

CVSS v3 8.6

EPSS 0.0140

EPSS Percentile 68.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

VulnCheck KEV 2023-09-12

CWE

CWE-269

Status published

Products (2)

ProfilePress Membership Team/ProfilePress < 4.13.1

properfraction/profilepress < 4.13.2

Published May 17, 2024

Tracked Since Feb 18, 2026