Lucene search
K

540 matches found

Positive Technologies
Positive Technologies
added 2022/11/14 12:0 a.m.4 views

PT-2022-7188 · WordPress · Profilegrid

Name of the Vulnerable Software and Affected Versions: ProfileGrid WordPress plugin versions prior to 5.1.1 Description: The issue is related to a Reflected Cross-Site Scripting problem, where a parameter is not properly sanitised and escaped before being outputted back in the page. This could...

6.4CVSS6.1AI score0.00946EPSS
Exploits1References5
CVE
CVE
added 2022/11/14 12:0 a.m.76 views

CVE-2022-3578

The CVE-2022-3578 entry concerns the WordPress ProfileGrid plugin (versions before 5.1.1). The vulnerability is a Reflected Cross-Site Scripting caused by insufficient sanitisation/escaping of a parameter before it is echoed on pages. Impact as documented includes ability for an attacker to injec...

6.1CVSS6.1AI score0.00946EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2022/11/14 12:0 a.m.5 views

WordPress plugin ProfileGrid 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

6.1CVSS5.5AI score0.00946EPSS
Exploits1References3
OSV
OSV
added 2022/01/18 5:15 p.m.5 views

CVE-2022-0233

The ProfileGrid – User Profiles, Memberships, Groups and Communities WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the pmuseravatar and pmcoverimage parameters found in the /admin/class-profile-magic-admin.php file which allows attackers with...

5.4CVSS6.1AI score0.009EPSS
Exploits1References3
NVD
NVD
added 2022/01/18 5:15 p.m.17 views

CVE-2022-0233

The ProfileGrid – User Profiles, Memberships, Groups and Communities WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the pmuseravatar and pmcoverimage parameters found in the /admin/class-profile-magic-admin.php file which allows attackers with...

6.4CVSS0.009EPSS
Exploits1References3
Prion
Prion
added 2022/01/18 5:15 p.m.13 views

Cross site scripting

The ProfileGrid – User Profiles, Memberships, Groups and Communities WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the pmuseravatar and pmcoverimage parameters found in the /admin/class-profile-magic-admin.php file which allows attackers with...

3.5CVSS5.1AI score0.009EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2022/01/18 4:52 p.m.24 views

CVE-2022-0233 ProfileGrid – User Profiles, Memberships, Groups and Communities <= 4.7.4 Authenticated Stored Cross-Site Scripting

The ProfileGrid – User Profiles, Memberships, Groups and Communities WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the pmuseravatar and pmcoverimage parameters found in the /admin/class-profile-magic-admin.php file which allows attackers with...

6.4CVSS6AI score0.009EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2022/01/18 4:52 p.m.7 views

CVE-2022-0233 ProfileGrid – User Profiles, Memberships, Groups and Communities <= 4.7.4 Authenticated Stored Cross-Site Scripting

The ProfileGrid – User Profiles, Memberships, Groups and Communities WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the pmuseravatar and pmcoverimage parameters found in the /admin/class-profile-magic-admin.php file which allows attackers with...

6.4CVSS5.8AI score0.009EPSS
Exploits1References3
CVE
CVE
added 2022/01/18 4:52 p.m.47 views

CVE-2022-0233

The CVE-2022-0233 issue affects the ProfileGrid – User Profiles, Memberships, Groups and Communities WordPress plugin. It is a Stored XSS vulnerability caused by insufficient escaping in the pm_user_avatar and pm_cover_image parameters within ~/admin/class-profile-magic-admin.php, exploitable by ...

6.4CVSS5.3AI score0.009EPSS
Exploits1References3Affected Software1
WPVulnDB
WPVulnDB
added 2022/01/18 12:0 a.m.24 views

ProfileGrid < 4.7.5 - Subscriber+ Stored Cross-Site Scripting

The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the pmuseravatar and pmcoverimage parameters found in the /admin/class-profile-magic-admin.php file which allows attackers with authenticated user access, such as subscribers, to inject arbitrary web scripts...

6.4CVSS4.8AI score0.009EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2022/01/18 12:0 a.m.20 views

WordPress ProfileGrid plugin <= 4.7.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Big Tiger in WordPress ProfileGrid plugin versions = 4.7.4. Solution Update the WordPress ProfileGrid plugin to the latest available version at least 4.7.5...

6.4CVSS2.1AI score0.009EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2019/09/03 1:15 p.m.7 views

CVE-2019-15873

The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pmtemplatepreview&html=?php substring followed by PHP code...

8.8CVSS7.8AI score0.03883EPSS
Exploits2References2
NVD
NVD
added 2019/09/03 1:15 p.m.13 views

CVE-2019-15873

The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pmtemplatepreview&html=?php substring followed by PHP code...

8.8CVSS9.2AI score0.03883EPSS
Exploits2References2
Prion
Prion
added 2019/09/03 1:15 p.m.13 views

Remote code execution

The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pmtemplatepreview&html=?php substring followed by PHP code...

6.5CVSS9.1AI score0.03883EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2019/09/03 12:22 p.m.72 views

CVE-2019-15873

The WordPress plugin profilegrid-user-profiles-groups-and-communities (Profiles Grid) is vulnerable before version 2.8.6. The issue is remote code execution via wp-admin/admin-ajax.php using action=pm_template_preview&html=

8.8CVSS9.1AI score0.03883EPSS
Exploits2References2Affected Software1
CNVD
CNVD
added 2019/09/03 12:0 a.m.5 views

WordPress profilegrid-user-profiles-groups-and-communities plugin code injection vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. profilegrid-user-profiles-groups-and-communities is a plugin for configuring site user permissions. A code injection vulnerability...

8.8CVSS7.3AI score0.03883EPSS
Exploits2References1
Patchstack
Patchstack
added 2018/06/05 12:0 a.m.13 views

WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 2.8.5 - Authenticated Code Execution vulnerability

Authenticated Code Execution vulnerability found in WordPress ProfileGrid– User Profiles, Groups and Communities plugin versions = 2.8.5. Solution Update the WordPress ProfileGrid – User Profiles, Groups and Communities plugin to the latest available version at least 2.8.6...

4.8AI score
Exploits0References1Affected Software1
wpexploit
wpexploit
added 2018/05/18 12:0 a.m.19 views

ProfileGrid – User Profiles, Groups and Communities <= 2.8.5 - Authenticated Code Execution

The plugin ProfileGrid – User Profiles, Groups and Communities versions prior to 2.8.6 is vulnerable to Arbitrary Code Execution. An authenticated user with a role as low as Subscriber can execute arbitrary PHP code on websites using the plugin. Send an authenticated POST request to...

6.5CVSS2.1AI score0.03883EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2018/05/18 12:0 a.m.17 views

ProfileGrid – User Profiles, Groups and Communities <= 2.8.5 - Authenticated Code Execution

The plugin ProfileGrid – User Profiles, Groups and Communities versions prior to 2.8.6 is vulnerable to Arbitrary Code Execution. An authenticated user with a role as low as Subscriber can execute arbitrary PHP code on websites using the plugin. PoC Send an authenticated POST request to...

6.5CVSS3AI score0.03883EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2017/11/27 12:0 a.m.14 views

WordPress ProfileGrid Plugin <= 2.6.6 - Reflected Cross Site Scripting

A reflected cross-site scripting vulnerability was found in ProfileGrid plugin in 2.6.6 version. The vulnerability exists in the file /admin/partials/user-manager.php. There some of $GET parameters are not escaped. For example: ifisset$GET‘search’ echo $GET‘search’; … Solution Update the plugin...

2.2AI score
Exploits0References2Affected Software1
Rows per page
Query Builder