Lucene search
WpvulndbWPVDB-ID:7CFD87B8-A9B6-4C25-A96B-80C6EE8E8686HistoryApr 29, 2024 - 12:00 a.m.
ProfileGrid – User Profiles, Memberships, Groups and Communities < 5.8.0 - Insecure Direct Object Reference
2024-04-2900:00:00
wpscan.com
6
profilegrid
user profiles
memberships
groups
communities
wordpress
insecure direct object reference
vulnerability
authentication
subscriber-level access
Description The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.7.9 due to missing validation on a user controlled key in the pg_show_msg_panel() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to view other’s messages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 5.8.0 |
Related
cvelist
cvelist
nvd
nvd
CVE-2024-32808
2024-04-24 11:15:48
cve
cve
CVE-2024-32808
2024-04-24 11:15:48
wpvulndb
wpvulndb
wordfence
wordfence
6.7 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.0%
Related for WPVDB-ID:7CFD87B8-A9B6-4C25-A96B-80C6EE8E8686