CVE Catalog
CVE-2026-41556
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk0.21%
11th percentile - higher than 11% of all known CVEs
Summary
There is a Cross Site Scripting (XSS) vulnerability in ProfilePress versions <= 4.16.13 related to subscribers.
Risk Assessment
An attacker could exploit this vulnerability to inject malicious scripts, potentially leading to user data theft or session hijacking.
Recommendation
It is recommended to update to the latest version of ProfilePress to mitigate this vulnerability.
Original NVD description (English source)
Subscriber Cross Site Scripting (XSS) in ProfilePress <= 4.16.13 versions.

