Lucene search
PRIOn knowledge basePRION:CVE-2023-3403HistoryJul 18, 2023 - 3:15 a.m.
Design/Logic Flaw
2023-07-1803:15:00
PRIOn knowledge base
www.prio-n.com
5
profilegrid
wordpress
data modification
capability check
authenticated attackers
subscriber-level permissions
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘pm_upload_csv’ function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permissions or above to import new users and update existing users.
| CPE | Name | Operator | Version |
|---|---|---|---|
| profilegrid | le | 5.5.1 |
References
plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/tags/5.4.8/admin/class-profile-magic-admin.php
plugins.trac.wordpress.org/changeset/2938904/profilegrid-user-profiles-groups-and-communities
www.wordfence.com/threat-intel/vulnerabilities/id/b335fc19-2998-4711-8813-6cb68d7447bd?source=cve
Related
nvd
nvd
CVE-2023-3403
2023-07-18 03:15:55
wpvulndb
wpvulndb
ProfileGrid < 5.5.2 - Subscriber+ Unauthorized Data Modification
2023-07-18 00:00:00
cvelist
cvelist
CVE-2023-3403
2023-07-18 02:39:25
cve
cve
CVE-2023-3403
2023-07-18 03:15:55
wordfence
wordfence