Lucene search

K
wpvulndbWpvulndbWPVDB-ID:7CFD87B8-A9B6-4C25-A96B-80C6EE8E8686
HistoryApr 29, 2024 - 12:00 a.m.

ProfileGrid – User Profiles, Memberships, Groups and Communities < 5.8.0 - Insecure Direct Object Reference

2024-04-2900:00:00
wpscan.com
6
profilegrid
user profiles
memberships
groups
communities
wordpress
insecure direct object reference
vulnerability
authentication
subscriber-level access

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

Description The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.7.9 due to missing validation on a user controlled key in the pg_show_msg_panel() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to view other’s messages.

CPENameOperatorVersion
eq5.8.0

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

Related for WPVDB-ID:7CFD87B8-A9B6-4C25-A96B-80C6EE8E8686