Description The plugin does not adequately check capabilities on the ‘edit_group’ handler, enabling authenticated users with group ownership to improperly update group options, including the ‘associate_role’ parameter, which sets the member’s role.
CPE | Name | Operator | Version |
---|---|---|---|
profilegrid-user-profiles-groups-and-communities | eq | 5.5.3 |