"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 23 | Critical: 0 | High: 5 | Medium: 18
Showing 21-23 of 23 records
Threat Entry Updated 2024-11-21

CVE-2023-3714 - Profilegrid User Profiles Groups And Communities Plugin

The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'edit_group' handler in versions up to, and including, 5.5.2. This makes it possible for authenticated attackers with group ownership to update group options, including the 'associate_role' parameter, which defines the member's role. This issue was partially patched in version 5.5.2, preventing privilege escalation; however, it was fully patched in 5.5.3.

PLUGIN Profilegrid User Profiles Groups And Communities

CVE-2023-3714

HIGH CVSS 7.5 2023-07-18

Threat Entry Updated 2024-11-21

CVE-2023-3403 - Profilegrid User Profiles Groups And Communities Plugin

The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pm_upload_csv' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers with subscriber-level permissions or above to import new users and update existing users.

PLUGIN Profilegrid User Profiles Groups And Communities

CVE-2023-3403

MEDIUM CVSS 5.4 2023-07-18

Threat Entry Updated 2024-11-21

CVE-2022-0233 - Profilegrid User Profiles Groups And Communities Plugin

The ProfileGrid – User Profiles, Memberships, Groups and Communities WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the pm_user_avatar and pm_cover_image parameters found in the ~/admin/class-profile-magic-admin.php file, in versions up to and including 1.2.7. This allows attackers with authenticated user access, such as subscribers, to inject arbitrary web scripts into their profile.

PLUGIN Profilegrid User Profiles Groups And Communities

CVE-2022-0233

MEDIUM CVSS 6.4 2022-01-18