cleantalk
Vulnerabilities and Security Researches

Profile Extra Fields by BestWebSoft, 588989ab-fc51-4477-9b4b-ebcfdba33bd6

CVE, Research URL

588989ab-fc51-4477-9b4b-ebcfdba33bd6

Home page URL

Security reports for Profile Extra Fields by BestWebSoft

Application

Profile Extra Fields by BestWebSoft

Published on
-
Research Description
Profile Extra Fields by BestWebSoft [profile-extra-fields] < 1.2.4 Profile Extra Fields &lt; 1.2.4 - Reflected Cross-Site Scripting The plugin does not escape the role parameter when outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue
Affected versions
max 1.2.4.
Status
vulnerable
Previous vulnerability researches
Profile Extra Fields by BestWebSoft (4a63b3fa6ec717dbea5dc6ab43c5a74d5e99e44a) , Jun 16, 2026
Profile Extra Fields by BestWebSoft (efd816c3-90d4-40bf-850a-0e4c1a756694) , Jun 16, 2026
Profile Extra Fields by BestWebSoft (4ed61f6685f340b1bb801d284c188253a9d51bf9) , Jun 16, 2026
Profile Extra Fields by BestWebSoft (588989ab-fc51-4477-9b4b-ebcfdba33bd6) , Jun 16, 2026
Profile Extra Fields by BestWebSoft (CVE-2023-4469) , Jun 07, 2024
New vulnerability
Coinbase Commerce &#8211; Crypto Gateway for WooCommerce (61af4ef8ee19e1224b67b8678be91e6a8c7d877b) , Jun 16, 2026
Coinbase Commerce &#8211; Crypto Gateway for WooCommerce (6d8910c719b2a132ec93828cd37e418b19cac960) , Jun 16, 2026
WP SMS &#8211; Messaging &amp; SMS Notification for WordPress, WooCommerce, GravityForms, etc (fc2d7281-abec-475b-8e8d-8dbc47de78da) , Jun 16, 2026
WP SMS &#8211; Messaging &amp; SMS Notification for WordPress, WooCommerce, GravityForms, etc (4336a858-e642-431f-9d69-9b8b5f6e5e36) , Jun 16, 2026
WP SMS &#8211; Messaging &amp; SMS Notification for WordPress, WooCommerce, GravityForms, etc (fbb699ffd6cd26aa92e9fbcfae6975f1a571a917) , Jun 16, 2026