4 matches found
CVE-2023-3714
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'editgroup' handler in versions up to, and including, 5.5.2. This makes it possible for authenticated attackers, with group ownership, to update group options, includin...
CVE-2023-3714
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'editgroup' handler in versions up to, and including, 5.5.2. This makes it possible for authenticated attackers, with group ownership, to update group options, includin...
CVE-2023-3714
CVE-2023-3714 – ProfileGrid (WordPress) : The vulnerability stems from a missing capability check on the 'edit_group' handler, enabling authenticated attackers with group ownership to modify group options (e.g., the 'associate_role'). Affected versions are up to 5.5.2. The issue was partially pat...
WordPress ProfileGrid Plugin <= 5.5.2 is vulnerable to Broken Access Control
Software ProfileGrid Type Plugin Vulnerable versions = 5.5.2 Fixed in 5.5.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-3714 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 163433ba9759 Credits Lana Codes Required privilege...