CVE-2024-8861 – ProfileGrid – User Profiles, Groups and Communities <= 5.9.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-8861
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.9.3.2 due to incorrect use of the wp_kses_allowed_html function, which allows the 'onclick' attribute for certain HTML elements without sufficient restriction or context validation. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
• https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/trunk/admin/class-profile-magic-admin.php#L2065
• https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/trunk/includes/class-profile-magic.php#L268
• https://plugins.trac.wordpress.org/changeset/3157510
• https://wordpress.org/plugins/profilegrid-user-profiles-groups-and-communities/#developers
• https://www.wordfence.com/threat-intel/vulnerabilities/id/2d3188c2-e5b0-4d83-8c92-ae6b409c92f9?source=cve
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-6410 – ProfileGrid <= 5.8.9 - Authenticated (Subscriber+) Insecure Direct Object Reference
https://notcve.org/view.php?id=CVE-2024-6410
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.8.9 via the 'pm_upload_image' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the profile picture of any user.
• https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/trunk/public/js/profile-magic-admin-power.js#L361
• https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/trunk/public/js/profile-magic-admin-power.js#L390
• https://plugins.trac.wordpress.org/changeset/3111609/profilegrid-user-profiles-groups-and-communities/trunk/public/partials/crop.php
• https://www.wordfence.com/threat-intel/vulnerabilities/id/8679f4cd-2cb8-48ad-a531-a00c1b85ed2e?source=cve
• CWE-639: Authorization Bypass Through User-Controlled Key
CVE-2024-6411 – ProfileGrid – User Profiles, Groups and Communities <= 5.8.9 - Authenticated (Subscriber+) Authorization Bypass to Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-6411
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.8.9. This is due to a lack of validation on user-supplied data in the 'pm_upload_image' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their user capabilities to Administrator.
• https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/trunk/public/js/profile-magic-admin-power.js#L361
• https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/trunk/public/js/profile-magic-admin-power.js#L390
• https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/trunk/public/partials/coverimg_crop.php
• https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/trunk/public/partials/crop
• CWE-269: Improper Privilege Management
CVE-2024-3606 – ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.8.3 - Missing Authorization
https://notcve.org/view.php?id=CVE-2024-3606
The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the pm_upload_cover_image function in all versions up to, and including, 5.8.3. This makes it possible for authenticated attackers, with subscriber access or higher, to delete attachments.
• https://plugins.trac.wordpress.org/changeset/3069928/profilegrid-user-profiles-groups-and-communities/trunk?contextall=1&old=3068943&old_path=%2Fprofilegrid-user-profiles-groups-and-communities%2Ftrunk
• https://www.wordfence.com/threat-intel/vulnerabilities/id/c039d2fe-7518-4724-a025-6380a53fb58c?source=cve
• CWE-862: Missing Authorization