163 matches found
PT-2023-24645 · WordPress · Profilegrid
Name of the Vulnerable Software and Affected Versions: ProfileGrid plugin for WordPress versions up to, and including, 5.5.1 Description: The issue allows authenticated attackers with subscriber-level permissions or above to import new users and update existing users due to a missing capability...
WordPress ProfileGrid Plugin <= 5.5.1 is vulnerable to Broken Access Control
Software ProfileGrid Type Plugin Vulnerable versions = 5.5.1 Fixed in 5.5.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-3713 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 8475e71147a0 Credits Lana Codes Required privilege...
PT-2023-25800 · WordPress · Profilegrid
Name of the Vulnerable Software and Affected Versions: ProfileGrid plugin for WordPress versions up to, and including, 5.5.2 Description: The issue is related to a missing capability check on the 'edit group' handler, allowing authenticated attackers with group ownership to update group options,...
WordPress ProfileGrid Plugin <= 5.5.2 is vulnerable to Broken Access Control
Software ProfileGrid Type Plugin Vulnerable versions = 5.5.2 Fixed in 5.5.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-3714 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 163433ba9759 Credits Lana Codes Required privilege...
WordPress ProfileGrid Plugin <= 5.5.0 is vulnerable to Other Vulnerability Type
Software ProfileGrid Type Plugin Vulnerable versions = 5.5.0 Fixed in 5.5.1 OWASP Top 10 A5: Security Misconfiguration Classification Other Vulnerability Type CVE CVE-2023-3404 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID 6dcb68eeaeb3 Credits Lana Codes Required privile...
WordPress ProfileGrid Plugin <= 5.5.1 is vulnerable to Broken Access Control
Software ProfileGrid Type Plugin Vulnerable versions = 5.5.1 Fixed in 5.5.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-3403 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID d701047eae02 Credits Lana Codes Required privilege...
CVE-2023-0940 ProfileGrid < 5.3.1 - Subscriber+ Arbitrary Password Reset
The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoint for resetting a user password but does not implement proper authorization. This allows a user with low privileges, such as subscriber, to change the password of any account, including Administrator ones...
WordPress Plugin ProfileGrid 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress ProfileGrid Plugin <= 5.0.3 is vulnerable to Broken Access Control
Software ProfileGrid Type Plugin Vulnerable versions = 5.0.3 Fixed in 5.0.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-36352 Patch priority High CVSS severity High 6.3 Developer Claim ownership PSID 97a93e8f05e7 Credits István Márton Required privileg...
WordPress ProfileGrid Plugin < 5.3.1 is vulnerable to Broken Access Control
Software ProfileGrid Type Plugin Vulnerable versions 5.3.1 Fixed in 5.3.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0940 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 0809f414e629 Credits dc11 Required privilege Subscriber...
CVE-2022-41791
Auth. subscriber+ CSV Injection vulnerability in ProfileGrid plugin = 5.1.6 on WordPress...
CVE-2022-41791 WordPress ProfileGrid plugin <= 5.1.6 - Auth. CSV Injection vulnerability
Auth. subscriber+ CSV Injection vulnerability in ProfileGrid plugin = 5.1.6 on WordPress...
CVE-2022-41791
The CVE-2022-41791 entry concerns an authenticated CSV Injection vulnerability in the WordPress ProfileGrid plugin, affecting versions up to 5.1.6. The vulnerability is tied to ProfileGrid’s handling of CSV uploads/exports, with an impact that, per connected reports, can enable change-authorizati...
PT-2022-26075 · WordPress · Profilegrid
Name of the Vulnerable Software and Affected Versions: ProfileGrid plugin versions = 5.1.6 Description: The issue is related to an authenticated CSV Injection vulnerability in the ProfileGrid plugin on WordPress, affecting users with subscriber or higher permissions. Recommendations: For...
CVE-2022-3578
The ProfileGrid WordPress plugin before 5.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...
PT-2022-7188 · WordPress · Profilegrid
Name of the Vulnerable Software and Affected Versions: ProfileGrid WordPress plugin versions prior to 5.1.1 Description: The issue is related to a Reflected Cross-Site Scripting problem, where a parameter is not properly sanitised and escaped before being outputted back in the page. This could...
WordPress plugin ProfileGrid 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
CVE-2022-3578 ProfileGrid < 5.1.1 - Reflected Cross-Site Scripting
The ProfileGrid WordPress plugin before 5.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...
CVE-2022-0233
The ProfileGrid – User Profiles, Memberships, Groups and Communities WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the pmuseravatar and pmcoverimage parameters found in the /admin/class-profile-magic-admin.php file which allows attackers with...
CVE-2022-0233 ProfileGrid – User Profiles, Memberships, Groups and Communities <= 4.7.4 Authenticated Stored Cross-Site Scripting
The ProfileGrid – User Profiles, Memberships, Groups and Communities WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the pmuseravatar and pmcoverimage parameters found in the /admin/class-profile-magic-admin.php file which allows attackers with...