CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

14 Oct 2024 — Missing Authorization vulnerability in ProfileGrid User Profiles ProfileGrid. This issue affects ProfileGrid: from n/a through 5.9.3. The ProfileGrid plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.9.3. This is due to missing or incorrect nonce validation on the pg_create_group_page() function. This makes it possible for unauthenticated attackers to create group pages via a forged request granted they can trick a site administrator into performing an actio... • https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-plugin-5-9-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF); CWE-862: Missing Authorization

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

01 Jul 2024 — Missing Authorization vulnerability in ProfileGrid User Profiles ProfileGrid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ProfileGrid: from n/a through 5.8.7. The ProfileGrid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the pm_create_message function in versions up to, and including, 5.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to send messages even when they ... • https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-user-profiles-groups-and-communities-plugin-5-8-7-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization

CVSS: 6.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

22 Apr 2024 — Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.9. The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.7.9 due to missi... • https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-plugin-5-7-9-insecure-direct-object-references-idor-vulnerability?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key

CVSS: 6.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

22 Apr 2024 — Improper Restriction of Excessive Authentication Attempts vulnerability in Metagauss ProfileGrid allows Removing Important Client Functionality. This issue affects ProfileGrid: from n/a through 5.8.2. The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is... • https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-plugin-5-8-2-group-members-limit-bypass-vulnerability?_s_id=cve • CWE-285: Improper Authorization; CWE-307: Improper Restriction of Excessive Authentication Attempts

CVSS: 6.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

22 Apr 2024 — Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.9. The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.7.9 due to missi... • https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-plugin-5-7-9-insecure-direct-object-reference-idor-vulnerability?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key

CVSS: 6.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

08 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.8. The ProfileGrid plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.7.8. This is due to missing or incorrect nonce validation in the admin/partials/add-group.php file. • https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-user-profiles-memberships-groups-and-communities-plugin-5-7-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

05 Apr 2024 — Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.6. The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.7.6 due to missi... • https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-plugin-5-7-6-idor-on-friend-request-vulnerability?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key

CVSS: 8.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

28 Mar 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.1. The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to SQL Injection in all ve... • https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-user-profiles-memberships-groups-and-communities-plugin-5-7-1-contributor-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

28 Mar 2024 — Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.2. The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.7.2 due to missi... • https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-plugin-5-7-2-insecure-direct-object-references-idor-vulnerability?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

28 Mar 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.8. The ProfileGrid plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.7.8 due to insufficient es... • https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-plugin-5-7-8-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')