531 matches found
WordPress ProfileGrid plugin <= 4.7.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Big Tiger in WordPress ProfileGrid plugin versions = 4.7.4. Solution Update the WordPress ProfileGrid plugin to the latest available version at least 4.7.5...
ProfileGrid < 4.7.5 - Subscriber+ Stored Cross-Site Scripting
The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the pmuseravatar and pmcoverimage parameters found in the /admin/class-profile-magic-admin.php file which allows attackers with authenticated user access, such as subscribers, to inject arbitrary web scripts...
CVE-2019-15873
The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pmtemplatepreview&html=?php substring followed by PHP code...
CVE-2019-15873
The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pmtemplatepreview&html=?php substring followed by PHP code...
Remote code execution
The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pmtemplatepreview&html=?php substring followed by PHP code...
CVE-2019-15873
The WordPress plugin profilegrid-user-profiles-groups-and-communities (Profiles Grid) is vulnerable before version 2.8.6. The issue is remote code execution via wp-admin/admin-ajax.php using action=pm_template_preview&html=
WordPress profilegrid-user-profiles-groups-and-communities plugin code injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. profilegrid-user-profiles-groups-and-communities is a plugin for configuring site user permissions. A code injection vulnerability...
WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 2.8.5 - Authenticated Code Execution vulnerability
Authenticated Code Execution vulnerability found in WordPress ProfileGrid– User Profiles, Groups and Communities plugin versions = 2.8.5. Solution Update the WordPress ProfileGrid – User Profiles, Groups and Communities plugin to the latest available version at least 2.8.6...
ProfileGrid – User Profiles, Groups and Communities <= 2.8.5 - Authenticated Code Execution
The plugin ProfileGrid – User Profiles, Groups and Communities versions prior to 2.8.6 is vulnerable to Arbitrary Code Execution. An authenticated user with a role as low as Subscriber can execute arbitrary PHP code on websites using the plugin. PoC Send an authenticated POST request to...
ProfileGrid – User Profiles, Groups and Communities <= 2.8.5 - Authenticated Code Execution
The plugin ProfileGrid – User Profiles, Groups and Communities versions prior to 2.8.6 is vulnerable to Arbitrary Code Execution. An authenticated user with a role as low as Subscriber can execute arbitrary PHP code on websites using the plugin. Send an authenticated POST request to...
WordPress ProfileGrid Plugin <= 2.6.6 - Reflected Cross Site Scripting
A reflected cross-site scripting vulnerability was found in ProfileGrid plugin in 2.6.6 version. The vulnerability exists in the file /admin/partials/user-manager.php. There some of $GET parameters are not escaped. For example: ifisset$GET‘search’ echo $GET‘search’; … Solution Update the plugin...