Lucene search
+L

4 matches found

osv
osv
added 2023/07/18 3:15 a.m.5 views

CVE-2023-3714

The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'editgroup' handler in versions up to, and including, 5.5.2. This makes it possible for authenticated attackers, with group ownership, to update group options, includin...

8.8CVSS7.3AI score0.00692EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2023/07/18 2:39 a.m.11 views

CVE-2023-3714

The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'editgroup' handler in versions up to, and including, 5.5.2. This makes it possible for authenticated attackers, with group ownership, to update group options, includin...

7.5CVSS8.4AI score0.00692EPSS
Exploits0References4
cve
cve
added 2023/07/18 2:39 a.m.61 views

CVE-2023-3714

CVE-2023-3714 – ProfileGrid (WordPress) : The vulnerability stems from a missing capability check on the 'edit_group' handler, enabling authenticated attackers with group ownership to modify group options (e.g., the 'associate_role'). Affected versions are up to 5.5.2. The issue was partially pat...

8.8CVSS8.3AI score0.00692EPSS
Exploits0References4Affected Software1
patchstack
patchstack
added 2023/07/18 12:0 a.m.12 views

WordPress ProfileGrid Plugin <= 5.5.2 is vulnerable to Broken Access Control

Software ProfileGrid Type Plugin Vulnerable versions = 5.5.2 Fixed in 5.5.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-3714 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 163433ba9759 Credits Lana Codes Required privilege...

8.8CVSS6.4AI score0.00692EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder