2 matches found
CVE-2023-3403 ProfileGrid <= 5.5.1 - Missing Authorization to User Import
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pmuploadcsv' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permissions or above to import...
WordPress ProfileGrid Plugin <= 5.5.1 is vulnerable to Broken Access Control
Software ProfileGrid Type Plugin Vulnerable versions = 5.5.1 Fixed in 5.5.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-3403 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID d701047eae02 Credits Lana Codes Required privilege...