Lucene search
K

163 matches found

CNNVD
CNNVD
added 2024/06/12 12:0 a.m.4 views

WordPress plugin ProfileGrid security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in th...

6.3CVSS6.8AI score0.00296EPSS
Exploits0References2
OSV
OSV
added 2024/06/05 8:15 a.m.8 views

CVE-2024-5453

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdismissiblenotice and pmwizardupdategroupicon functions in all versions up to, and including, 5.8.6. This makes it possible fo...

4.3CVSS5.9AI score0.00351EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2024/06/05 8:15 a.m.7 views

CVE-2024-5453

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdismissiblenotice and pmwizardupdategroupicon functions in all versions up to, and including, 5.8.6. This makes it possible fo...

4.3CVSS6AI score0.00351EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/05/17 12:0 a.m.2 views

WordPress plugin ProfileGrid  安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.8CVSS6.8AI score0.00468EPSS
Exploits0References2
OSV
OSV
added 2024/05/02 5:15 p.m.7 views

CVE-2024-3606

The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the pmuploadcoverimage function in all versions up to, and including, 5.8.3. This makes it possible for authenticated...

4.3CVSS5.8AI score0.00454EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/24 12:0 a.m.3 views

WordPress plugin ProfileGrid 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.8CVSS6.8AI score0.00448EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/04/22 12:46 p.m.5 views

WordPress ProfileGrid plugin <= 5.7.9 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Kyle Sanchez Patchstack Alliance in WordPress Plugin ProfileGrid versions = 5.7.9...

8.8CVSS7AI score0.00448EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/04/05 10:15 a.m.4 views

WordPress ProfileGrid plugin <= 5.7.6 - IDOR on Friend Request vulnerability

IDOR on Friend Request vulnerability discovered by Kyle Sanchez Patchstack Alliance in WordPress Plugin ProfileGrid versions = 5.7.6...

7.1CVSS7AI score0.00379EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/03/28 12:0 a.m.13 views

WordPress ProfileGrid Plugin <= 5.7.2 is vulnerable to Insecure Direct Object References (IDOR)

Software ProfileGrid Type Plugin Vulnerable versions = 5.7.2 Fixed in 5.7.3 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-30513 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6d5652387361 Credits Van Lyubov...

6.5CVSS6.5AI score0.00455EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/03/28 12:0 a.m.8 views

WordPress Plugin ProfileGrid SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...

8.8CVSS7.7AI score0.00858EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/03/26 12:0 a.m.11 views

WordPress ProfileGrid Plugin <= 5.7.1 is vulnerable to SQL Injection

Software ProfileGrid Type Plugin Vulnerable versions = 5.7.1 Fixed in 5.7.2 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-30241 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 73689cfe8f04 Credits Ngô Thiên An ancorn from VNPT-VCI Required privilege...

8.8CVSS6.8AI score0.00858EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/08 9:50 p.m.15 views

CVE-2022-36352 WordPress ProfileGrid Plugin <= 5.0.3 is vulnerable to Broken Access Control

Missing Authorization vulnerability in Profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities.This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities: from n/a through 5.0.3...

6.3CVSS8AI score0.00391EPSS
Exploits0References1
OSV
OSV
added 2023/08/31 6:15 a.m.6 views

CVE-2023-3404

The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. This is due to the passphrase and iv being hardcoded in the 'pmencryptdecryptpass' function and used across all sites running the plugin. This makes it...

4.9CVSS5.8AI score0.0056EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/08/31 12:0 a.m.6 views

PT-2023-24651 · WordPress · Profilegrid

Name of the Vulnerable Software and Affected Versions: ProfileGrid plugin for WordPress versions up to, and including, 5.5.0 Description: The issue allows unauthorized decryption of private information. This is due to the passphrase and iv being hardcoded in the pm encrypt decrypt pass function,...

4.9CVSS5.7AI score0.0056EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/08/31 12:0 a.m.6 views

WordPress plugin ProfileGrid 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

4.9CVSS6.5AI score0.0056EPSS
Exploits0References4
OSV
OSV
added 2023/07/18 3:15 a.m.7 views

CVE-2023-3713

The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'profilemagicchecksmtpconnection' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permission...

8.8CVSS5.6AI score0.00623EPSS
Exploits0References3
Prion
Prion
added 2023/07/18 3:15 a.m.11 views

Design/Logic Flaw

The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'editgroup' handler in versions up to, and including, 5.5.2. This makes it possible for authenticated attackers, with group ownership, to update group options, includin...

6.5CVSS8.4AI score0.00692EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/18 2:39 a.m.9 views

CVE-2023-3713 ProfileGrid <= 5.5.1 - Authenticated (Subscriber+) Arbitrary Option Update

The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'profilemagicchecksmtpconnection' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permission...

8.8CVSS7.1AI score0.00623EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/07/18 2:39 a.m.22 views

CVE-2023-3714 ProfileGrid <= 5.5.2 - Missing Authorization to Arbitrary Group Option Modification and Privilege Escalation

The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'editgroup' handler in versions up to, and including, 5.5.2. This makes it possible for authenticated attackers, with group ownership, to update group options, includin...

7.5CVSS8.5AI score0.00692EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/07/18 2:39 a.m.12 views

CVE-2023-3403 ProfileGrid <= 5.5.1 - Missing Authorization to User Import

The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pmuploadcsv' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permissions or above to import...

5.4CVSS6.6AI score0.00467EPSS
Exploits0References3
Rows per page
Query Builder