540 matches found
CVE-2023-3713 ProfileGrid <= 5.5.1 - Authenticated (Subscriber+) Arbitrary Option Update
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'profilemagicchecksmtpconnection' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permission...
CVE-2023-3403 ProfileGrid <= 5.5.1 - Missing Authorization to User Import
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pmuploadcsv' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permissions or above to import...
CVE-2023-3714 ProfileGrid <= 5.5.2 - Missing Authorization to Arbitrary Group Option Modification and Privilege Escalation
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'editgroup' handler in versions up to, and including, 5.5.2. This makes it possible for authenticated attackers, with group ownership, to update group options, includin...
CVE-2023-3403 ProfileGrid <= 5.5.1 - Missing Authorization to User Import
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pmuploadcsv' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permissions or above to import...
CVE-2023-3403
ProfileGrid – User Profiles, Memberships, Groups and Communities vulnerability CVE-2023-3403: missing capability check in pm_upload_csv allows authenticated attackers with subscriber+ privileges to import/update users in versions up to 5.5.1; no patch/version remediation details provided in the c...
WordPress ProfileGrid Plugin <= 5.5.1 is vulnerable to Broken Access Control
Software ProfileGrid Type Plugin Vulnerable versions = 5.5.1 Fixed in 5.5.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-3713 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 8475e71147a0 Credits Lana Codes Required privilege...
WordPress ProfileGrid Plugin <= 5.5.0 is vulnerable to Other Vulnerability Type
Software ProfileGrid Type Plugin Vulnerable versions = 5.5.0 Fixed in 5.5.1 OWASP Top 10 A5: Security Misconfiguration Classification Other Vulnerability Type CVE CVE-2023-3404 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID 6dcb68eeaeb3 Credits Lana Codes Required privile...
ProfileGrid < 5.5.2 - Subscriber+ Unauthorized Data Modification
Description The plugin does not perform proper capability checks on the 'pmuploadcsv' function, enabling authenticated users with subscriber-level permissions or above to import new users and update existing ones...
ProfileGrid < 5.5.2 - Subscriber+ Arbitrary Option Update
Description The plugin does not implement an adequate capability check on the 'profilemagicchecksmtpconnection' function, making it possible for authenticated users with subscriber-level permissions or above to arbitrarily update the site options, leading to potential privilege escalation...
WordPress plugin ProfileGrid 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
ProfileGrid < 5.5.3 - Group Owner+ Unauthorized Data Modification
Description The plugin does not adequately check capabilities on the 'editgroup' handler, enabling authenticated users with group ownership to improperly update group options, including the 'associaterole' parameter, which sets the member's role...
PT-2023-25800 · WordPress · Profilegrid
Name of the Vulnerable Software and Affected Versions: ProfileGrid plugin for WordPress versions up to, and including, 5.5.2 Description: The issue is related to a missing capability check on the 'edit group' handler, allowing authenticated attackers with group ownership to update group options,...
WordPress ProfileGrid Plugin <= 5.5.2 is vulnerable to Broken Access Control
Software ProfileGrid Type Plugin Vulnerable versions = 5.5.2 Fixed in 5.5.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-3714 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 163433ba9759 Credits Lana Codes Required privilege...
WordPress plugin ProfileGrid 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress ProfileGrid Plugin <= 5.5.1 is vulnerable to Broken Access Control
Software ProfileGrid Type Plugin Vulnerable versions = 5.5.1 Fixed in 5.5.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-3403 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID d701047eae02 Credits Lana Codes Required privilege...
PT-2023-24645 · WordPress · Profilegrid
Name of the Vulnerable Software and Affected Versions: ProfileGrid plugin for WordPress versions up to, and including, 5.5.1 Description: The issue allows authenticated attackers with subscriber-level permissions or above to import new users and update existing users due to a missing capability...
WordPress plugin ProfileGrid 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2023-0940
The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoint for resetting a user password but does not implement proper authorization. This allows a user with low privileges, such as subscriber, to change the password of any account, including Administrator ones...
CVE-2023-0940
The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoint for resetting a user password but does not implement proper authorization. This allows a user with low privileges, such as subscriber, to change the password of any account, including Administrator ones...
Authorization
The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoint for resetting a user password but does not implement proper authorization. This allows a user with low privileges, such as subscriber, to change the password of any account, including Administrator ones...