540 matches found
PT-2022-7188 · WordPress · Profilegrid
Name of the Vulnerable Software and Affected Versions: ProfileGrid WordPress plugin versions prior to 5.1.1 Description: The issue is related to a Reflected Cross-Site Scripting problem, where a parameter is not properly sanitised and escaped before being outputted back in the page. This could...
CVE-2022-3578
The CVE-2022-3578 entry concerns the WordPress ProfileGrid plugin (versions before 5.1.1). The vulnerability is a Reflected Cross-Site Scripting caused by insufficient sanitisation/escaping of a parameter before it is echoed on pages. Impact as documented includes ability for an attacker to injec...
WordPress plugin ProfileGrid 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
CVE-2022-0233
The ProfileGrid – User Profiles, Memberships, Groups and Communities WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the pmuseravatar and pmcoverimage parameters found in the /admin/class-profile-magic-admin.php file which allows attackers with...
CVE-2022-0233
The ProfileGrid – User Profiles, Memberships, Groups and Communities WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the pmuseravatar and pmcoverimage parameters found in the /admin/class-profile-magic-admin.php file which allows attackers with...
Cross site scripting
The ProfileGrid – User Profiles, Memberships, Groups and Communities WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the pmuseravatar and pmcoverimage parameters found in the /admin/class-profile-magic-admin.php file which allows attackers with...
CVE-2022-0233 ProfileGrid – User Profiles, Memberships, Groups and Communities <= 4.7.4 Authenticated Stored Cross-Site Scripting
The ProfileGrid – User Profiles, Memberships, Groups and Communities WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the pmuseravatar and pmcoverimage parameters found in the /admin/class-profile-magic-admin.php file which allows attackers with...
CVE-2022-0233 ProfileGrid – User Profiles, Memberships, Groups and Communities <= 4.7.4 Authenticated Stored Cross-Site Scripting
The ProfileGrid – User Profiles, Memberships, Groups and Communities WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the pmuseravatar and pmcoverimage parameters found in the /admin/class-profile-magic-admin.php file which allows attackers with...
CVE-2022-0233
The CVE-2022-0233 issue affects the ProfileGrid – User Profiles, Memberships, Groups and Communities WordPress plugin. It is a Stored XSS vulnerability caused by insufficient escaping in the pm_user_avatar and pm_cover_image parameters within ~/admin/class-profile-magic-admin.php, exploitable by ...
ProfileGrid < 4.7.5 - Subscriber+ Stored Cross-Site Scripting
The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the pmuseravatar and pmcoverimage parameters found in the /admin/class-profile-magic-admin.php file which allows attackers with authenticated user access, such as subscribers, to inject arbitrary web scripts...
WordPress ProfileGrid plugin <= 4.7.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Big Tiger in WordPress ProfileGrid plugin versions = 4.7.4. Solution Update the WordPress ProfileGrid plugin to the latest available version at least 4.7.5...
CVE-2019-15873
The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pmtemplatepreview&html=?php substring followed by PHP code...
CVE-2019-15873
The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pmtemplatepreview&html=?php substring followed by PHP code...
Remote code execution
The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pmtemplatepreview&html=?php substring followed by PHP code...
CVE-2019-15873
The WordPress plugin profilegrid-user-profiles-groups-and-communities (Profiles Grid) is vulnerable before version 2.8.6. The issue is remote code execution via wp-admin/admin-ajax.php using action=pm_template_preview&html=
WordPress profilegrid-user-profiles-groups-and-communities plugin code injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. profilegrid-user-profiles-groups-and-communities is a plugin for configuring site user permissions. A code injection vulnerability...
WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 2.8.5 - Authenticated Code Execution vulnerability
Authenticated Code Execution vulnerability found in WordPress ProfileGrid– User Profiles, Groups and Communities plugin versions = 2.8.5. Solution Update the WordPress ProfileGrid – User Profiles, Groups and Communities plugin to the latest available version at least 2.8.6...
ProfileGrid – User Profiles, Groups and Communities <= 2.8.5 - Authenticated Code Execution
The plugin ProfileGrid – User Profiles, Groups and Communities versions prior to 2.8.6 is vulnerable to Arbitrary Code Execution. An authenticated user with a role as low as Subscriber can execute arbitrary PHP code on websites using the plugin. Send an authenticated POST request to...
ProfileGrid – User Profiles, Groups and Communities <= 2.8.5 - Authenticated Code Execution
The plugin ProfileGrid – User Profiles, Groups and Communities versions prior to 2.8.6 is vulnerable to Arbitrary Code Execution. An authenticated user with a role as low as Subscriber can execute arbitrary PHP code on websites using the plugin. PoC Send an authenticated POST request to...
WordPress ProfileGrid Plugin <= 2.6.6 - Reflected Cross Site Scripting
A reflected cross-site scripting vulnerability was found in ProfileGrid plugin in 2.6.6 version. The vulnerability exists in the file /admin/partials/user-manager.php. There some of $GET parameters are not escaped. For example: ifisset$GET‘search’ echo $GET‘search’; … Solution Update the plugin...