Lucene search
K

163 matches found

Positive Technologies
Positive Technologies
added 2023/07/18 12:0 a.m.4 views

PT-2023-24645 · WordPress · Profilegrid

Name of the Vulnerable Software and Affected Versions: ProfileGrid plugin for WordPress versions up to, and including, 5.5.1 Description: The issue allows authenticated attackers with subscriber-level permissions or above to import new users and update existing users due to a missing capability...

5.4CVSS5.4AI score0.00467EPSS
Exploits0References7
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.10 views

WordPress ProfileGrid Plugin <= 5.5.1 is vulnerable to Broken Access Control

Software ProfileGrid Type Plugin Vulnerable versions = 5.5.1 Fixed in 5.5.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-3713 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 8475e71147a0 Credits Lana Codes Required privilege...

8.8CVSS6.5AI score0.00623EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/07/18 12:0 a.m.5 views

PT-2023-25800 · WordPress · Profilegrid

Name of the Vulnerable Software and Affected Versions: ProfileGrid plugin for WordPress versions up to, and including, 5.5.2 Description: The issue is related to a missing capability check on the 'edit group' handler, allowing authenticated attackers with group ownership to update group options,...

8.8CVSS8.2AI score0.00692EPSS
Exploits0References8
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.11 views

WordPress ProfileGrid Plugin <= 5.5.2 is vulnerable to Broken Access Control

Software ProfileGrid Type Plugin Vulnerable versions = 5.5.2 Fixed in 5.5.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-3714 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 163433ba9759 Credits Lana Codes Required privilege...

8.8CVSS6.4AI score0.00692EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.15 views

WordPress ProfileGrid Plugin <= 5.5.0 is vulnerable to Other Vulnerability Type

Software ProfileGrid Type Plugin Vulnerable versions = 5.5.0 Fixed in 5.5.1 OWASP Top 10 A5: Security Misconfiguration Classification Other Vulnerability Type CVE CVE-2023-3404 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID 6dcb68eeaeb3 Credits Lana Codes Required privile...

4.9CVSS6.6AI score0.0056EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.13 views

WordPress ProfileGrid Plugin <= 5.5.1 is vulnerable to Broken Access Control

Software ProfileGrid Type Plugin Vulnerable versions = 5.5.1 Fixed in 5.5.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-3403 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID d701047eae02 Credits Lana Codes Required privilege...

5.4CVSS6.6AI score0.00467EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/20 3:52 p.m.5 views

CVE-2023-0940 ProfileGrid < 5.3.1 - Subscriber+ Arbitrary Password Reset

The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoint for resetting a user password but does not implement proper authorization. This allows a user with low privileges, such as subscriber, to change the password of any account, including Administrator ones...

8.8AI score0.00823EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/03/20 12:0 a.m.6 views

WordPress Plugin ProfileGrid 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

8.8CVSS8AI score0.00823EPSS
Exploits1References2
Patchstack
Patchstack
added 2023/03/16 12:0 a.m.16 views

WordPress ProfileGrid Plugin <= 5.0.3 is vulnerable to Broken Access Control

Software ProfileGrid Type Plugin Vulnerable versions = 5.0.3 Fixed in 5.0.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-36352 Patch priority High CVSS severity High 6.3 Developer Claim ownership PSID 97a93e8f05e7 Credits István Márton Required privileg...

8.8CVSS6.5AI score0.00391EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/03/02 12:0 a.m.11 views

WordPress ProfileGrid Plugin < 5.3.1 is vulnerable to Broken Access Control

Software ProfileGrid Type Plugin Vulnerable versions 5.3.1 Fixed in 5.3.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0940 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 0809f414e629 Credits dc11 Required privilege Subscriber...

8.8CVSS6.8AI score0.00823EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/11/17 11:15 p.m.3 views

CVE-2022-41791

Auth. subscriber+ CSV Injection vulnerability in ProfileGrid plugin = 5.1.6 on WordPress...

8.8CVSS5.8AI score0.00646EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/11/17 10:8 p.m.7 views

CVE-2022-41791 WordPress ProfileGrid plugin <= 5.1.6 - Auth. CSV Injection vulnerability

Auth. subscriber+ CSV Injection vulnerability in ProfileGrid plugin = 5.1.6 on WordPress...

6.5CVSS7.2AI score0.00646EPSS
Exploits0References1
CVE
CVE
added 2022/11/17 10:8 p.m.73 views

CVE-2022-41791

The CVE-2022-41791 entry concerns an authenticated CSV Injection vulnerability in the WordPress ProfileGrid plugin, affecting versions up to 5.1.6. The vulnerability is tied to ProfileGrid’s handling of CSV uploads/exports, with an impact that, per connected reports, can enable change-authorizati...

8.8CVSS7.7AI score0.00646EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/11/17 12:0 a.m.5 views

PT-2022-26075 · WordPress · Profilegrid

Name of the Vulnerable Software and Affected Versions: ProfileGrid plugin versions = 5.1.6 Description: The issue is related to an authenticated CSV Injection vulnerability in the ProfileGrid plugin on WordPress, affecting users with subscriber or higher permissions. Recommendations: For...

8.8CVSS8.5AI score0.00646EPSS
Exploits0References4
OSV
OSV
added 2022/11/14 3:15 p.m.4 views

CVE-2022-3578

The ProfileGrid WordPress plugin before 5.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

6.1CVSS5.8AI score0.00946EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/11/14 12:0 a.m.4 views

PT-2022-7188 · WordPress · Profilegrid

Name of the Vulnerable Software and Affected Versions: ProfileGrid WordPress plugin versions prior to 5.1.1 Description: The issue is related to a Reflected Cross-Site Scripting problem, where a parameter is not properly sanitised and escaped before being outputted back in the page. This could...

6.4CVSS6.1AI score0.00946EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/11/14 12:0 a.m.5 views

WordPress plugin ProfileGrid 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

6.1CVSS5.5AI score0.00946EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2022/11/14 12:0 a.m.7 views

CVE-2022-3578 ProfileGrid < 5.1.1 - Reflected Cross-Site Scripting

The ProfileGrid WordPress plugin before 5.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

6AI score0.00946EPSS
Exploits1References1
OSV
OSV
added 2022/01/18 5:15 p.m.5 views

CVE-2022-0233

The ProfileGrid – User Profiles, Memberships, Groups and Communities WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the pmuseravatar and pmcoverimage parameters found in the /admin/class-profile-magic-admin.php file which allows attackers with...

5.4CVSS6.1AI score0.009EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2022/01/18 4:52 p.m.7 views

CVE-2022-0233 ProfileGrid – User Profiles, Memberships, Groups and Communities <= 4.7.4 Authenticated Stored Cross-Site Scripting

The ProfileGrid – User Profiles, Memberships, Groups and Communities WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the pmuseravatar and pmcoverimage parameters found in the /admin/class-profile-magic-admin.php file which allows attackers with...

6.4CVSS5.8AI score0.009EPSS
Exploits1References3
Rows per page
Query Builder