Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Profilegrid
(Metagauss)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 31 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-05-02 | CVE-2024-3606 | The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the pm_upload_cover_image function in all versions up to, and including, 5.8.3. This makes it possible for authenticated attackers, with subscriber access or higher, to delete attachments. | Profilegrid | N/A | ||
| 2024-11-01 | CVE-2024-37453 | Missing Authorization vulnerability in ProfileGrid User Profiles ProfileGrid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ProfileGrid: from n/a through 5.8.7. | Profilegrid | 8.8 | ||
| 2024-07-10 | CVE-2024-6410 | The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.8.9 via the 'pm_upload_image' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the profile picture of any user. | Profilegrid | N/A | ||
| 2024-07-10 | CVE-2024-6411 | The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.8.9. This is due to a lack of validation on user-supplied data in the 'pm_upload_image' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their user capabilities to Administrator. | Profilegrid | N/A | ||
| 2024-04-12 | CVE-2024-31362 | Cross-Site Request Forgery (CSRF) vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8. | Profilegrid | 8.8 | ||
| 2024-03-28 | CVE-2024-30241 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.1. | Profilegrid | 8.8 | ||
| 2024-03-29 | CVE-2024-30490 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8. | Profilegrid | 9.8 | ||
| 2024-03-29 | CVE-2024-30491 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8. | Profilegrid | 8.8 | ||
| 2024-03-29 | CVE-2024-30513 | Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.2. | Profilegrid | 6.5 | ||
| 2024-04-07 | CVE-2024-31291 | Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.6. | Profilegrid | 7.1 |