CVE-2024-5453
ProfileGrid <= 5.8.6 - Missing Authorization
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_dismissible_notice and pm_wizard_update_group_icon functions in all versions up to, and including, 5.8.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary options to the value '1' or change group icons.
El complemento ProfileGrid – User Profiles, Groups and Communities para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificación de capacidad en las funciones pm_dismissible_notice y pm_wizard_update_group_icon en todas las versiones hasta la 5.8.6 incluida. Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, cambien opciones arbitrarias al valor '1' o cambien íconos de grupo.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-05-28 CVE Reserved
- 2024-06-04 CVE Published
- 2024-06-12 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-862: Missing Authorization
CAPEC
References (4)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://plugins.trac.wordpress.org/changeset/3095503/profilegrid-user-profiles-groups-and-communities/trunk/admin/class-profile-magic-admin.php?contextall=1 | 2024-06-11 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Metagauss Search vendor "Metagauss" | Profilegrid Search vendor "Metagauss" for product "Profilegrid" | < 5.8.7 Search vendor "Metagauss" for product "Profilegrid" and version " < 5.8.7" | wordpress |
Affected
| ||||||