CVE-2025-1408

4.3 MEDIUM

📋 TL;DR

The ProfileGrid plugin's handlers for approving and declining group join requests (the pm_approve_join_group_request and pm_decline_join_group_request AJAX actions) lack a capability check, so any authenticated WordPress user with Subscriber-level access or higher can approve or decline join requests that should be decided by administrators only. All versions up to and including 5.9.4.4 are affected. An attacker with a low-privilege account can therefore manipulate group membership without authorization.

💻 Affected Systems

Products:
  • ProfileGrid – User Profiles, Groups and Communities WordPress plugin
Versions: All versions up to and including 5.9.4.4
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with ProfileGrid plugin enabled and at least one authenticated user with Subscriber role or higher.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could approve malicious users into sensitive groups, decline legitimate join requests to disrupt community operations, or manipulate group composition for social engineering attacks.

🟠

Likely Case

Low-privileged users gain unauthorized control over group membership decisions, potentially allowing them to join restricted groups or disrupt community management.

🟢

If Mitigated

With proper access controls and monitoring, impact is limited to minor group management disruptions that can be quickly detected and reversed.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires an authenticated account, but any Subscriber-level account suffices and nothing further is needed: because the handlers perform no capability check, a logged-in user only has to submit the relevant admin-ajax.php action.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.9.4.5 or later

Fix Changeset (plugins.trac.wordpress.org diff, 5.9.4.4 to 5.9.4.5): https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3208228%40profilegrid-user-profiles-groups-and-communities%2Ftags%2F5.9.4.5&old=3198896%40profilegrid-user-profiles-groups-and-communities%2Ftags%2F5.9.4.4

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the ProfileGrid plugin.
4. Click 'Update Now' if an update is offered.
5. Alternatively, download version 5.9.4.5 or later from the WordPress plugin repository and update manually.

🔧 Temporary Workarounds

Temporary Plugin Deactivation

Applies to: all platforms

Disable the ProfileGrid plugin until patched (this also removes profiles, groups and community features for all users while it is off):

wp plugin deactivate profilegrid-user-profiles-groups-and-communities

Role-Based Access Restriction

Applies to: all platforms

Block the two AJAX actions for non-administrators, for example with a security plugin or WAF rule that rejects admin-ajax.php requests whose action is pm_approve_join_group_request or pm_decline_join_group_request unless the caller is an administrator. Note that simply stripping capabilities from the Subscriber role does not help on its own: the vulnerable handlers check no capability at all, so any logged-in user can reach them regardless of what the role is allowed to do.
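As a temporary hardening step that does not depend on a third-party security plugin, the following must-use plugin is an added example (it is neither ProfileGrid's own code nor the vendor's fix). It rejects the two AJAX actions for any caller who lacks the manage_options capability and writes one JSON line per denied attempt to the PHP error log, so the attempts can be picked up by log monitoring. The choice of manage_options as the required capability, the log field names and the function names are assumptions made for this example; remove the file once 5.9.4.5 or later is installed.

```php
<?php
/**
 * Plugin Name: ProfileGrid join-request guard (temporary, until 5.9.4.5+)
 * Description: Denies the pm_approve_join_group_request and
 *              pm_decline_join_group_request AJAX actions to users who
 *              lack the required capability. Added example, not vendor code.
 *
 * Install: copy this file into wp-content/mu-plugins/ (create the directory
 * if needed). Must-use plugins load before ordinary plugins and cannot be
 * deactivated from the admin UI.
 */

// ASSUMPTION: administrators (manage_options) are the only users who may
// decide join requests, as the advisory states. Adjust if group managers
// must keep that ability on your site.
const PG_GUARD_ACTIONS = [
	'pm_approve_join_group_request',
	'pm_decline_join_group_request',
];
const PG_GUARD_CAPABILITY = 'manage_options';

/**
 * admin-ajax.php fires admin_init before it dispatches wp_ajax_{action},
 * so hooking there runs this check ahead of the plugin's own handler no
 * matter which priority the plugin registered with.
 */
function pg_guard_join_request_actions(): void {
	if ( ! wp_doing_ajax() ) {
		return;
	}

	$action = isset( $_REQUEST['action'] )
		? sanitize_key( wp_unslash( $_REQUEST['action'] ) )
		: '';

	if ( ! in_array( $action, PG_GUARD_ACTIONS, true ) ) {
		return; // not one of the two unguarded actions
	}

	if ( current_user_can( PG_GUARD_CAPABILITY ) ) {
		return; // authorised caller: let ProfileGrid handle the request
	}

	$user = wp_get_current_user();

	// One JSON object per line so a SIEM can match on action and user_role.
	// Logged-out callers (wp_ajax_nopriv_*) land here too, with user_id 0.
	error_log( wp_json_encode( [
		'event'      => 'profilegrid_join_request_denied',
		'action'     => $action,
		'user_id'    => $user->ID,
		'user_login' => $user->user_login,
		'user_role'  => $user->roles[0] ?? 'none',
		'remote_ip'  => $_SERVER['REMOTE_ADDR'] ?? '',
		'time'       => gmdate( 'c' ),
	] ) );

	// Stop here: the plugin's handler never runs for this request.
	wp_send_json_error( [ 'message' => 'Insufficient permissions.' ], 403 );
}
add_action( 'admin_init', 'pg_guard_join_request_actions', 0 );
```

After installing it, confirm the guard works by logging in as a Subscriber and submitting one of the two actions to /wp-admin/admin-ajax.php: the response should be an HTTP 403 with a JSON error, and a profilegrid_join_request_denied line should appear in the PHP error log. An administrator's request must still reach the plugin unchanged.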

🧯 If You Can't Patch

  • Implement strict monitoring of group membership changes and user activity logs
  • Temporarily disable group join/approval features, or restrict them to trusted administrators, until the plugin can be updated

🔍 How to Verify

Check if Vulnerable:

Check ProfileGrid plugin version in WordPress admin under Plugins → Installed Plugins. If version is 5.9.4.4 or lower, you are vulnerable.

Check Version:

wp plugin get profilegrid-user-profiles-groups-and-communities --field=version

Verify Fix Applied:

Verify plugin version is 5.9.4.5 or higher. Test that Subscriber-level users cannot approve/decline group join requests.

📡 Detection & Monitoring

Log Indicators:

  • Group membership changes (join requests approved or declined) performed by accounts that are not administrators
  • Calls to pm_approve_join_group_request or pm_decline_join_group_request recorded for low-privilege accounts by an activity-log or audit plugin

Network Indicators:

  • POST requests to /wp-admin/admin-ajax.php carrying action=pm_approve_join_group_request or action=pm_decline_join_group_request. For a POST the action normally travels in the request body, so a standard web-server access log records only the admin-ajax.php URL; matching on the action needs a WAF, reverse proxy or application log that captures the body (or a request that passes the action in the query string). The caller's role is never visible at the network layer, so the "from non-admin users" condition has to be joined from WordPress-side records (session cookie to user ID, user ID to role).

SIEM Query (assumes a log source that records both the AJAX action and the acting user's role, for example an audit plugin or application log):

source="wordpress.log" AND (action="pm_approve_join_group_request" OR action="pm_decline_join_group_request") AND user_role!="administrator"
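The query above only produces results when a log source records the AJAX action together with the acting user's role. The following PHP CLI script, an added example rather than anything from this page or the vendor, applies the same logic offline to JSON-lines audit records, skips malformed lines, and summarises hits per user. The field names (action, user_login, user_role, remote_ip, time) and the sample lines are constructed for illustration and are not a real ProfileGrid or WordPress log format.

```php
<?php
// Added example: find calls to the two unguarded ProfileGrid AJAX actions
// made by accounts that are not administrators, from a JSON-lines audit log.
// ASSUMPTION: each line is a JSON object with at least the fields
// action, user_login, user_role (field names constructed for this example).

const WATCHED_ACTIONS = [
	'pm_approve_join_group_request',
	'pm_decline_join_group_request',
];

/**
 * Return every event whose action is one of the watched actions and whose
 * user_role is not administrator. Lines that are not valid JSON objects or
 * that lack an action field are skipped rather than treated as hits.
 */
function find_unauthorized_group_approvals( string $jsonl ): array {
	$hits = [];
	foreach ( preg_split( '/\R/', trim( $jsonl ) ) as $line ) {
		$ev = json_decode( $line, true );
		if ( ! is_array( $ev ) || ! isset( $ev['action'] ) ) {
			continue; // malformed or unrelated line
		}
		if ( ! in_array( $ev['action'], WATCHED_ACTIONS, true ) ) {
			continue;
		}
		// A missing role is treated as unknown, and therefore reported.
		if ( ( $ev['user_role'] ?? 'unknown' ) === 'administrator' ) {
			continue;
		}
		$hits[] = $ev;
	}
	return $hits;
}

/** Count hits per user_login so repeat offenders stand out. */
function summarise_by_user( array $hits ): array {
	$summary = [];
	foreach ( $hits as $hit ) {
		$login = $hit['user_login'] ?? '(unknown)';
		$summary[ $login ] = ( $summary[ $login ] ?? 0 ) + 1;
	}
	arsort( $summary );
	return $summary;
}

// Constructed sample log lines, not real traffic: one legitimate admin
// approval, two subscriber calls, one unrelated action, one garbage line.
$sample = <<<'LOG'
{"time":"2025-03-01T10:00:01Z","action":"pm_approve_join_group_request","user_login":"admin","user_role":"administrator","remote_ip":"203.0.113.5"}
{"time":"2025-03-01T10:02:17Z","action":"pm_approve_join_group_request","user_login":"newsub","user_role":"subscriber","remote_ip":"198.51.100.9"}
{"time":"2025-03-01T10:02:19Z","action":"pm_decline_join_group_request","user_login":"newsub","user_role":"subscriber","remote_ip":"198.51.100.9"}
{"time":"2025-03-01T10:03:00Z","action":"heartbeat","user_login":"newsub","user_role":"subscriber","remote_ip":"198.51.100.9"}
not json at all
LOG;

$hits = find_unauthorized_group_approvals( $sample );

foreach ( $hits as $hit ) {
	printf(
		"%s %-15s %-12s %-10s %s\n",
		$hit['time'] ?? '-',
		$hit['remote_ip'] ?? '-',
		$hit['user_role'] ?? 'unknown',
		$hit['user_login'] ?? '(unknown)',
		$hit['action']
	);
}

foreach ( summarise_by_user( $hits ) as $login => $count ) {
	printf( "user %s: %d unauthorised join-request action(s)\n", $login, $count );
}
```

Run it with php detect.php after saving the block to that file. On the constructed sample it reports the two subscriber calls and ignores the administrator's approval, the unrelated heartbeat action and the malformed line; point it at a real export once your audit plugin or WAF writes records in a comparable shape.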
