Lucene search
K

531 matches found

Patchstack
Patchstack
added 2022/01/18 12:0 a.m.18 views

WordPress ProfileGrid plugin <= 4.7.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Big Tiger in WordPress ProfileGrid plugin versions = 4.7.4. Solution Update the WordPress ProfileGrid plugin to the latest available version at least 4.7.5...

6.4CVSS2.1AI score0.009EPSS
Exploits1References3Affected Software1
WPVulnDB
WPVulnDB
added 2022/01/18 12:0 a.m.23 views

ProfileGrid < 4.7.5 - Subscriber+ Stored Cross-Site Scripting

The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the pmuseravatar and pmcoverimage parameters found in the /admin/class-profile-magic-admin.php file which allows attackers with authenticated user access, such as subscribers, to inject arbitrary web scripts...

6.4CVSS4.8AI score0.009EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2019/09/03 1:15 p.m.7 views

CVE-2019-15873

The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pmtemplatepreview&html=?php substring followed by PHP code...

8.8CVSS7.8AI score0.03883EPSS
Exploits2References2
NVD
NVD
added 2019/09/03 1:15 p.m.12 views

CVE-2019-15873

The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pmtemplatepreview&html=?php substring followed by PHP code...

8.8CVSS9.2AI score0.03883EPSS
Exploits2References2
Prion
Prion
added 2019/09/03 1:15 p.m.13 views

Remote code execution

The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pmtemplatepreview&html=?php substring followed by PHP code...

6.5CVSS9.1AI score0.03883EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2019/09/03 12:22 p.m.71 views

CVE-2019-15873

The WordPress plugin profilegrid-user-profiles-groups-and-communities (Profiles Grid) is vulnerable before version 2.8.6. The issue is remote code execution via wp-admin/admin-ajax.php using action=pm_template_preview&html=

8.8CVSS9.1AI score0.03883EPSS
Exploits2References2Affected Software1
CNVD
CNVD
added 2019/09/03 12:0 a.m.3 views

WordPress profilegrid-user-profiles-groups-and-communities plugin code injection vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. profilegrid-user-profiles-groups-and-communities is a plugin for configuring site user permissions. A code injection vulnerability...

8.8CVSS7.3AI score0.03883EPSS
Exploits2References1
Patchstack
Patchstack
added 2018/06/05 12:0 a.m.13 views

WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 2.8.5 - Authenticated Code Execution vulnerability

Authenticated Code Execution vulnerability found in WordPress ProfileGrid– User Profiles, Groups and Communities plugin versions = 2.8.5. Solution Update the WordPress ProfileGrid – User Profiles, Groups and Communities plugin to the latest available version at least 2.8.6...

4.8AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2018/05/18 12:0 a.m.17 views

ProfileGrid – User Profiles, Groups and Communities <= 2.8.5 - Authenticated Code Execution

The plugin ProfileGrid – User Profiles, Groups and Communities versions prior to 2.8.6 is vulnerable to Arbitrary Code Execution. An authenticated user with a role as low as Subscriber can execute arbitrary PHP code on websites using the plugin. PoC Send an authenticated POST request to...

6.5CVSS3AI score0.03883EPSS
Exploits2References1Affected Software1
wpexploit
wpexploit
added 2018/05/18 12:0 a.m.18 views

ProfileGrid – User Profiles, Groups and Communities <= 2.8.5 - Authenticated Code Execution

The plugin ProfileGrid – User Profiles, Groups and Communities versions prior to 2.8.6 is vulnerable to Arbitrary Code Execution. An authenticated user with a role as low as Subscriber can execute arbitrary PHP code on websites using the plugin. Send an authenticated POST request to...

6.5CVSS2.1AI score0.03883EPSS
Exploits2References1
Patchstack
Patchstack
added 2017/11/27 12:0 a.m.14 views

WordPress ProfileGrid Plugin <= 2.6.6 - Reflected Cross Site Scripting

A reflected cross-site scripting vulnerability was found in ProfileGrid plugin in 2.6.6 version. The vulnerability exists in the file /admin/partials/user-manager.php. There some of $GET parameters are not escaped. For example: ifisset$GET‘search’ echo $GET‘search’; … Solution Update the plugin...

2.2AI score
Exploits0References2Affected Software1
Rows per page
Query Builder