CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31291 – WordPress ProfileGrid plugin <= 5.7.6 - IDOR on Friend Request vulnerability
https://notcve.org/view.php?id=CVE-2024-31291
Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.6. Vulnerabilidad de omisión de autorización a través de clave controlada por el usuario en Metagauss ProfileGrid. Este problema afecta a ProfileGrid: desde n/a hasta 5.7.6. The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.7.6 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action. • https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-plugin-5-7-6-idor-on-friend-request-vulnerability?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30241 – WordPress ProfileGrid – User Profiles, Memberships, Groups and Communities plugin <= 5.7.1 - Contributor+ SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-30241
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.1. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyección SQL') en Metagauss ProfileGrid. Este problema afecta a ProfileGrid: desde n/a hasta 5.7.1. The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 5.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-user-profiles-memberships-groups-and-communities-plugin-5-7-1-contributor-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30490 – WordPress ProfileGrid plugin <= 5.7.8 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-30490
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyección SQL') en Metagauss ProfileGrid. Este problema afecta a ProfileGrid: desde n/a hasta 5.7.8. The ProfileGrid plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.7.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-plugin-5-7-8-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-30491 – WordPress ProfileGrid – User Profiles, Memberships, Groups and Communities plugin <= 5.7.8 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-30491
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyección SQL') en Metagauss ProfileGrid. Este problema afecta a ProfileGrid: desde n/a hasta 5.7.8. The ProfileGrid plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.7.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://github.com/truonghuuphuc/CVE-2024-30491-Poc https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-user-profiles-memberships-groups-and-communities-plugin-5-7-8-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30513 – WordPress ProfileGrid plugin <= 5.7.2 - Insecure Direct Object References (IDOR) vulnerability
https://notcve.org/view.php?id=CVE-2024-30513
Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.2. Vulnerabilidad de omisión de autorización a través de clave controlada por el usuario en Metagauss ProfileGrid. Este problema afecta a ProfileGrid: desde n/a hasta 5.7.2. The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.7.2 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above to perform an unauthorized action. • https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-plugin-5-7-2-insecure-direct-object-references-idor-vulnerability?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key •