PatchSiren cyber security CVE debrief
CVE-2026-41556 properfraction CVE debrief
A Subscriber Cross Site Scripting (XSS) vulnerability was discovered in ProfilePress plugin versions up to 4.16.13. The vulnerability has been assigned a CVSS score of 6.5, indicating a medium severity level.
- Vendor
- properfraction
- Product
- ProfilePress
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of ProfilePress plugin versions up to 4.16.13 should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability is a Cross Site Scripting (XSS) issue in the ProfilePress plugin, which allows subscribers to inject malicious scripts. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L.
Defensive priority
medium
Recommended defensive actions
- Update ProfilePress plugin to a version higher than 4.16.13.
- Refer to the vendor's advisory at resourceLinkAnnotations with id 'ref-4' for more information and mitigation steps.
Evidence notes
The CVE record for CVE-2026-41556 was obtained from the official CVE website resourceLinkAnnotations with id 'cve-org'. The vulnerability details were obtained from the National Vulnerability Database (NVD) resourceLinkAnnotations with id 'nvd' and Patchstack resourceLinkAnnotations with id 'ref-4'.
Official resources
-
CVE-2026-41556 CVE record
CVE.org
-
CVE-2026-41556 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-41556 was published on 2026-06-15T21:16:53.037Z and modified on 2026-06-15T21:24:32.790Z.