Description The plugin does not implement an adequate capability check on the ‘profile_magic_check_smtp_connection’ function, making it possible for authenticated users with subscriber-level permissions or above to arbitrarily update the site options, leading to potential privilege escalation.
CPE | Name | Operator | Version |
---|---|---|---|
profilegrid-user-profiles-groups-and-communities | eq | 5.5.2 |