wpvulndb WPVDB-ID:7CFD87B8-A9B6-4C25-A96B-80C6EE8E8686
History: Apr 29, 2024 - 12:00 a.m.

ProfileGrid – User Profiles, Memberships, Groups and Communities < 5.8.0 - Insecure Direct Object Reference

2024-04-29 00:00:00
wpscan.com
Tags: profilegrid, user profiles, memberships, groups, communities, wordpress, insecure direct object reference, vulnerability, authentication, subscriber-level access

AI Score: 6.7 Medium (Confidence: Low)

EPSS: 0.0004 Low (Percentile: 9.0%)

Description

The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.7.9 due to missing validation on a user-controlled key in the pg_show_msg_panel() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to view other users' messages.

CPE | Name | Operator | Version
 |  | eq | 5.8.0

