cleantalk
Vulnerabilities and Security Researches

Profile Extra Fields by BestWebSoft, 588989ab-fc51-4477-9b4b-ebcfdba33bd6

CVE, Research URL

588989ab-fc51-4477-9b4b-ebcfdba33bd6

Home page URL

Security reports for Profile Extra Fields by BestWebSoft

Application

Profile Extra Fields by BestWebSoft

Published on
-
Research Description
Profile Extra Fields by BestWebSoft [profile-extra-fields] < 1.2.4 Profile Extra Fields &lt; 1.2.4 - Reflected Cross-Site Scripting The plugin does not escape the role parameter when outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue
Affected versions
max 1.2.4.
Status
vulnerable
Previous vulnerability researches
My auctions allegro (CVE-2025-27009) , Apr 16, 2025
My auctions allegro (CVE-2024-11707) , Dec 06, 2024
My auctions allegro (CVE-2025-68567) , Jan 10, 2026
My auctions allegro (CVE-2025-68566) , Jan 10, 2026
My auctions allegro (CVE-2025-12851) , Dec 10, 2025
New vulnerability
Easy Code Snippets (6d8910c719b2a132ec93828cd37e418b19cac960) , Jun 16, 2026
Easy Code Snippets (6ff37c2e-e21d-4abc-bafe-8ca6a2c1ed76) , Jun 16, 2026
Easy Code Snippets (7e57cd4f4859826de00a8e2b09ee24fb7f2d824b) , Jun 16, 2026
Easy Code Snippets (9157f1c1aa17fcdb38ad432b11d2de5d2db4ade2) , Jun 16, 2026
Stripe Payment Plugin for WooCommerce (d6acf7ebd652b4ccd46d39cd7b3d38b6f4f0bf94) , Jun 16, 2026