CVE-2024-6411

8.8 HIGH

📋 TL;DR

The ProfileGrid WordPress plugin has a privilege escalation vulnerability that allows authenticated users with Subscriber-level access or higher to elevate their privileges to Administrator. This occurs due to insufficient validation of user-supplied data in the 'pm_upload_image' AJAX action. All WordPress sites using ProfileGrid plugin versions up to 5.8.9 are affected.

💻 Affected Systems

Products:
  • ProfileGrid – User Profiles, Groups and Communities WordPress plugin
Versions: All versions up to and including 5.8.9
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with ProfileGrid plugin enabled. Any authenticated user (Subscriber role or higher) can exploit this vulnerability.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain full administrative control over the WordPress site, allowing them to install malicious plugins/themes, modify content, steal data, or take the site offline.

🟠 Likely Case

Attackers elevate their privileges to Administrator and use this access for further malicious activities like data exfiltration or backdoor installation.

🟢 If Mitigated

With proper access controls and monitoring, the attack would be detected and contained before significant damage occurs.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once an attacker has a valid user account. The vulnerability is in publicly accessible AJAX endpoints.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.9.0 or later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3111609/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the ProfileGrid plugin.
4. Click 'Update Now' if available.
5. Alternatively, download version 5.9.0+ from WordPress.org and manually update.

🔧 Temporary Workarounds

Disable ProfileGrid Plugin (applies to: all)

Temporarily deactivate the vulnerable plugin until patching is possible:

wp plugin deactivate profilegrid-user-profiles-groups-and-communities

Restrict User Registration (applies to: all)

Disable new user registration to prevent attackers from creating accounts:

Navigate to Settings → General in WordPress admin and uncheck 'Anyone can register'

🧯 If You Can't Patch

  • Immediately disable the ProfileGrid plugin if patching isn't possible
  • Implement strict monitoring of user privilege changes and AJAX requests to the 'pm_upload_image' endpoint

🔍 How to Verify

Check if Vulnerable:

Check ProfileGrid plugin version in WordPress admin under Plugins → Installed Plugins

Check Version:

wp plugin get profilegrid-user-profiles-groups-and-communities --field=version

Verify Fix Applied:

Verify plugin version is 5.9.0 or higher and test that authenticated users cannot modify their capabilities

📡 Detection & Monitoring

Log Indicators:

  • Unusual AJAX requests to 'pm_upload_image' endpoint
  • Sudden privilege escalation events in user logs
  • User role changes from Subscriber to Administrator

Network Indicators:

  • POST requests to /wp-admin/admin-ajax.php with action=pm_upload_image containing capability modification parameters

SIEM Query:

source="wordpress.log" AND ("pm_upload_image" OR "user_capabilities" OR "role_changed")
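An added example, not part of this advisory, showing how the log and network indicators above can be correlated: a pm_upload_image request carrying role or capability parameters followed within minutes by an admin role change for the same user. The event format, field names, parameter-name fragments and sample events are all constructed assumptions for this example.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs). They assume a request logger that
# records admin-ajax.php POSTs with their parameters, plus a WordPress audit log
# entry for role changes; the field names are assumptions for this example.
SAMPLE_EVENTS = [
    {"ts": "2024-07-01T10:00:01", "type": "request", "user": "alice",
     "params": {"action": "pm_upload_image", "file": "avatar.png"}},
    {"ts": "2024-07-01T10:02:15", "type": "request", "user": "mallory",
     # "capabilities" is a constructed stand-in, not the plugin's real parameter
     "params": {"action": "pm_upload_image", "capabilities": "administrator"}},
    {"ts": "2024-07-01T10:02:16", "type": "role_change", "user": "mallory",
     "old_role": "subscriber", "new_role": "administrator"},
    {"ts": "2024-07-01T11:30:00", "type": "role_change", "user": "bob",
     "old_role": "subscriber", "new_role": "editor"},
]

# Parameter-name fragments that have no business in an image-upload request.
# This list is an assumption for the example, not taken from the advisory.
SUSPICIOUS_PARAM_FRAGMENTS = ("capabilit", "role", "user_level")

def suspicious_upload_requests(events):
    """Requests to action=pm_upload_image carrying role/capability parameters."""
    hits = []
    for e in events:
        params = e.get("params", {})
        if e.get("type") != "request" or params.get("action") != "pm_upload_image":
            continue
        bad = [k for k in params
               if any(f in k.lower() for f in SUSPICIOUS_PARAM_FRAGMENTS)]
        if bad:
            hits.append({"ts": e["ts"], "user": e["user"], "params": bad})
    return hits

def correlate(events, window=timedelta(minutes=10)):
    """Pair each suspicious request with an admin role change by the same user
    inside `window`; a match is a strong sign the flaw was actually exercised."""
    alerts = []
    for req in suspicious_upload_requests(events):
        t0 = datetime.fromisoformat(req["ts"])
        for rc in events:
            if (rc.get("type") != "role_change" or rc["user"] != req["user"]
                    or rc["new_role"] != "administrator"):
                continue
            t1 = datetime.fromisoformat(rc["ts"])
            if t0 <= t1 <= t0 + window:
                alerts.append({"user": req["user"], "request_ts": req["ts"],
                               "role_change_ts": rc["ts"], "params": req["params"]})
    return alerts
```

A lone suspicious request is worth a look on its own; the correlated pair is the alert to page on.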
