CVE-2023-0940

8.8 HIGH

📋 TL;DR

The ProfileGrid WordPress plugin before version 5.3.1 contains an authorization bypass in its password reset functionality. Any authenticated user, even one with the low-privilege 'subscriber' role, can reset the password of any account, including administrators. All WordPress sites running a vulnerable version of this plugin are affected.

💻 Affected Systems

Products:
  • ProfileGrid WordPress Plugin
Versions: All versions before 5.3.1
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the plugin to be installed and activated. All WordPress configurations using vulnerable versions are affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker gains full administrative control over the WordPress site, potentially leading to complete site compromise, data theft, malware injection, or site defacement.

🟠 Likely Case

Attackers reset administrator passwords to gain privileged access, then install backdoors, steal sensitive data, or modify site content.

🟢 If Mitigated

With proper access controls and monitoring in place, unauthorized password resets would be detected and blocked before significant damage occurs.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires an authenticated account, but only subscriber-level privileges. The vulnerability is well documented and simple to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.3.1

Vendor Advisory: https://wpscan.com/vulnerability/56744f72-2d48-4f42-8195-24b4dd951bb5

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the ProfileGrid plugin.
4. Click 'Update Now' if available, or download version 5.3.1+ from the WordPress repository.
5. Activate the updated plugin.

🔧 Temporary Workarounds

Disable ProfileGrid Plugin

all

Temporarily deactivate the vulnerable plugin until patching is possible.

wp plugin deactivate profilegrid

Restrict User Registration

all

Disable new user registration so that attackers cannot self-provision the subscriber accounts the exploit requires.

wp option update users_can_register 0

🧯 If You Can't Patch

  • Implement web application firewall rules that block requests to the vulnerable AJAX endpoint
  • Enable detailed logging of password reset attempts and monitor it for suspicious activity

🔍 How to Verify

Check if Vulnerable:

In the WordPress admin panel, go to Plugins → Installed Plugins and read the ProfileGrid version number.

Check Version:

wp plugin get profilegrid --field=version

Verify Fix Applied:

Confirm that the installed ProfileGrid plugin version is 5.3.1 or higher.

📡 Detection & Monitoring

Log Indicators:

  • Multiple password reset attempts from low-privilege users
  • AJAX requests to profilegrid password reset endpoints from non-admin users

Network Indicators:

  • POST requests to /wp-admin/admin-ajax.php with action=profilegrid_reset_password

SIEM Query:

source="wordpress.log" AND "admin-ajax.php" AND "profilegrid_reset_password"
