13 matches found
WordPress ProfileGrid plugin <= 5.9.5.2 - Server Side Request Forgery (SSRF) Vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin ProfileGrid (versions <= 5.9.5.2)...
WordPress ProfileGrid Plugin <= 5.9.3.6 is vulnerable to Broken Access Control
Software: ProfileGrid; Type: Plugin; Vulnerable versions: <= 5.9.3.6; Fixed in: 5.9.3.7; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-10900; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: e7fdd2a43e49; Credits: 1337Wannabe; Required...
WordPress ProfileGrid Plugin <= 5.9.3.2 is vulnerable to Cross Site Scripting (XSS)
Software: ProfileGrid; Type: Plugin; Vulnerable versions: <= 5.9.3.2; Fixed in: 5.9.3.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-8861; Patch priority: Low; CVSS severity: Low 6.5; PSID: 907c16cddd3d; Credits: Francesco Carlucci...
WordPress ProfileGrid Plugin <= 5.8.9 is vulnerable to Insecure Direct Object References (IDOR)
Software: ProfileGrid; Type: Plugin; Vulnerable versions: <= 5.8.9; Fixed in: 5.9.0; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-6410; Patch priority: Low; CVSS severity: Low 4.3; PSID: 7aa3e6febe27; Credits: Tieu Pham Trong...
WordPress ProfileGrid Plugin <= 5.8.9 is vulnerable to Privilege Escalation
Software: ProfileGrid; Type: Plugin; Vulnerable versions: <= 5.8.9; Fixed in: 5.9.0; OWASP Top 10: A1: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2024-6411; Patch priority: High; CVSS severity: High 8.8; PSID: f89fa5a9e660; Credits: Truoc Phan; Required privilege...
WordPress ProfileGrid Plugin <= 5.7.2 is vulnerable to Insecure Direct Object References (IDOR)
Software: ProfileGrid; Type: Plugin; Vulnerable versions: <= 5.7.2; Fixed in: 5.7.3; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-30513; Patch priority: Low; CVSS severity: Low 6.5; PSID: 6d5652387361; Credits: Van Lyubov...
WordPress ProfileGrid Plugin <= 5.7.1 is vulnerable to SQL Injection
Software: ProfileGrid; Type: Plugin; Vulnerable versions: <= 5.7.1; Fixed in: 5.7.2; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-30241; Patch priority: Low; CVSS severity: Low 8.5; PSID: 73689cfe8f04; Credits: Ngô Thiên An (ancorn) from VNPT-VCI; Required privilege...
WordPress ProfileGrid Plugin <= 5.5.1 is vulnerable to Broken Access Control
Software: ProfileGrid; Type: Plugin; Vulnerable versions: <= 5.5.1; Fixed in: 5.5.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-3713; Patch priority: High; CVSS severity: High 8.8; PSID: 8475e71147a0; Credits: Lana Codes; Required privilege...
WordPress ProfileGrid Plugin <= 5.5.0 is vulnerable to Other Vulnerability Type
Software: ProfileGrid; Type: Plugin; Vulnerable versions: <= 5.5.0; Fixed in: 5.5.1; OWASP Top 10: A5: Security Misconfiguration; Classification: Other Vulnerability Type; CVE: CVE-2023-3404; Patch priority: Low; CVSS severity: Low 4.9; PSID: 6dcb68eeaeb3; Credits: Lana Codes; Required privile...
WordPress ProfileGrid Plugin <= 5.5.1 is vulnerable to Broken Access Control
Software: ProfileGrid; Type: Plugin; Vulnerable versions: <= 5.5.1; Fixed in: 5.5.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-3403; Patch priority: Low; CVSS severity: Low 5.4; PSID: d701047eae02; Credits: Lana Codes; Required privilege...
WordPress ProfileGrid Plugin <= 5.5.2 is vulnerable to Broken Access Control
Software: ProfileGrid; Type: Plugin; Vulnerable versions: <= 5.5.2; Fixed in: 5.5.3; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-3714; Patch priority: High; CVSS severity: High 7.5; PSID: 163433ba9759; Credits: Lana Codes; Required privilege...
WordPress ProfileGrid Plugin <= 5.0.3 is vulnerable to Broken Access Control
Software: ProfileGrid; Type: Plugin; Vulnerable versions: <= 5.0.3; Fixed in: 5.0.4; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2022-36352; Patch priority: High; CVSS severity: High 6.3; PSID: 97a93e8f05e7; Credits: István Márton; Required privileg...
WordPress ProfileGrid Plugin < 5.3.1 is vulnerable to Broken Access Control
Software: ProfileGrid; Type: Plugin; Vulnerable versions: < 5.3.1; Fixed in: 5.3.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-0940; Patch priority: High; CVSS severity: High 7.1; PSID: 0809f414e629; Credits: dc11; Required privilege: Subscriber...