Lucene search
K

540 matches found

Vulnrichment
Vulnrichment
added 2023/07/18 2:39 a.m.9 views

CVE-2023-3713 ProfileGrid <= 5.5.1 - Authenticated (Subscriber+) Arbitrary Option Update

The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'profilemagicchecksmtpconnection' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permission...

8.8CVSS7.1AI score0.00623EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/07/18 2:39 a.m.39 views

CVE-2023-3403 ProfileGrid <= 5.5.1 - Missing Authorization to User Import

The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pmuploadcsv' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permissions or above to import...

5.4CVSS5.5AI score0.00467EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/07/18 2:39 a.m.22 views

CVE-2023-3714 ProfileGrid <= 5.5.2 - Missing Authorization to Arbitrary Group Option Modification and Privilege Escalation

The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'editgroup' handler in versions up to, and including, 5.5.2. This makes it possible for authenticated attackers, with group ownership, to update group options, includin...

7.5CVSS8.5AI score0.00692EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/07/18 2:39 a.m.12 views

CVE-2023-3403 ProfileGrid <= 5.5.1 - Missing Authorization to User Import

The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pmuploadcsv' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permissions or above to import...

5.4CVSS6.6AI score0.00467EPSS
Exploits0References3
CVE
CVE
added 2023/07/18 2:39 a.m.57 views

CVE-2023-3403

ProfileGrid – User Profiles, Memberships, Groups and Communities vulnerability CVE-2023-3403: missing capability check in pm_upload_csv allows authenticated attackers with subscriber+ privileges to import/update users in versions up to 5.5.1; no patch/version remediation details provided in the c...

5.4CVSS4.6AI score0.00467EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.10 views

WordPress ProfileGrid Plugin <= 5.5.1 is vulnerable to Broken Access Control

Software ProfileGrid Type Plugin Vulnerable versions = 5.5.1 Fixed in 5.5.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-3713 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 8475e71147a0 Credits Lana Codes Required privilege...

8.8CVSS6.5AI score0.00623EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.15 views

WordPress ProfileGrid Plugin <= 5.5.0 is vulnerable to Other Vulnerability Type

Software ProfileGrid Type Plugin Vulnerable versions = 5.5.0 Fixed in 5.5.1 OWASP Top 10 A5: Security Misconfiguration Classification Other Vulnerability Type CVE CVE-2023-3404 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID 6dcb68eeaeb3 Credits Lana Codes Required privile...

4.9CVSS6.6AI score0.0056EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/18 12:0 a.m.21 views

ProfileGrid < 5.5.2 - Subscriber+ Unauthorized Data Modification

Description The plugin does not perform proper capability checks on the 'pmuploadcsv' function, enabling authenticated users with subscriber-level permissions or above to import new users and update existing ones...

5.4CVSS6.8AI score0.00467EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/07/18 12:0 a.m.16 views

ProfileGrid < 5.5.2 - Subscriber+ Arbitrary Option Update

Description The plugin does not implement an adequate capability check on the 'profilemagicchecksmtpconnection' function, making it possible for authenticated users with subscriber-level permissions or above to arbitrarily update the site options, leading to potential privilege escalation...

8.8CVSS6.8AI score0.00623EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/07/18 12:0 a.m.5 views

WordPress plugin ProfileGrid 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

8.8CVSS8.1AI score0.00623EPSS
Exploits0References4
WPVulnDB
WPVulnDB
added 2023/07/18 12:0 a.m.21 views

ProfileGrid < 5.5.3 - Group Owner+ Unauthorized Data Modification

Description The plugin does not adequately check capabilities on the 'editgroup' handler, enabling authenticated users with group ownership to improperly update group options, including the 'associaterole' parameter, which sets the member's role...

8.8CVSS6.8AI score0.00692EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/07/18 12:0 a.m.5 views

PT-2023-25800 · WordPress · Profilegrid

Name of the Vulnerable Software and Affected Versions: ProfileGrid plugin for WordPress versions up to, and including, 5.5.2 Description: The issue is related to a missing capability check on the 'edit group' handler, allowing authenticated attackers with group ownership to update group options,...

8.8CVSS8.2AI score0.00692EPSS
Exploits0References8
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.11 views

WordPress ProfileGrid Plugin <= 5.5.2 is vulnerable to Broken Access Control

Software ProfileGrid Type Plugin Vulnerable versions = 5.5.2 Fixed in 5.5.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-3714 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 163433ba9759 Credits Lana Codes Required privilege...

8.8CVSS6.4AI score0.00692EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2023/07/18 12:0 a.m.6 views

WordPress plugin ProfileGrid 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.4CVSS6.3AI score0.00467EPSS
Exploits0References4
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.14 views

WordPress ProfileGrid Plugin <= 5.5.1 is vulnerable to Broken Access Control

Software ProfileGrid Type Plugin Vulnerable versions = 5.5.1 Fixed in 5.5.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-3403 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID d701047eae02 Credits Lana Codes Required privilege...

5.4CVSS6.6AI score0.00467EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/07/18 12:0 a.m.6 views

PT-2023-24645 · WordPress · Profilegrid

Name of the Vulnerable Software and Affected Versions: ProfileGrid plugin for WordPress versions up to, and including, 5.5.1 Description: The issue allows authenticated attackers with subscriber-level permissions or above to import new users and update existing users due to a missing capability...

5.4CVSS5.4AI score0.00467EPSS
Exploits0References7
CNNVD
CNNVD
added 2023/07/17 12:0 a.m.4 views

WordPress plugin ProfileGrid 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

8.8CVSS8AI score0.00692EPSS
Exploits0References6
NVD
NVD
added 2023/03/20 4:15 p.m.21 views

CVE-2023-0940

The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoint for resetting a user password but does not implement proper authorization. This allows a user with low privileges, such as subscriber, to change the password of any account, including Administrator ones...

8.8CVSS8.8AI score0.00823EPSS
Exploits1References1
OSV
OSV
added 2023/03/20 4:15 p.m.4 views

CVE-2023-0940

The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoint for resetting a user password but does not implement proper authorization. This allows a user with low privileges, such as subscriber, to change the password of any account, including Administrator ones...

8.8CVSS7.3AI score0.00823EPSS
Exploits1References1
Prion
Prion
added 2023/03/20 4:15 p.m.15 views

Authorization

The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoint for resetting a user password but does not implement proper authorization. This allows a user with low privileges, such as subscriber, to change the password of any account, including Administrator ones...

6.5CVSS8.7AI score0.00823EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder