WordPress BP Profile Search Plugin <= 5.5 is vulnerable to Cross Site Scripting (XSS)
CVE-2024-22293
7.1HIGH
What is CVE-2024-22293?
The BP Profile Search plugin, developed by Andrea Tarantini, is vulnerable to a Cross-Site Scripting (XSS) issue due to improper neutralization of user input during web page generation. This vulnerability allows attackers to inject malicious scripts, potentially compromising user sessions or redirecting victims to malicious sites. The issue affects versions from n/a to 5.5, highlighting the importance of keeping web applications up-to-date to mitigate security risks.
Affected Version(s)
BP Profile Search <= 5.5