📦 ProfileGrid
by Metagauss
⚠️ Known Vulnerabilities
The ProfileGrid WordPress plugin is vulnerable to PHP object injection via deserialization of untrusted input, allowing authenticated attackers with Subscriber-level access to inject malicious PHP obj...
The ProfileGrid WordPress plugin has a privilege escalation vulnerability that allows authenticated users with Subscriber-level access or higher to elevate their privileges to Administrator. This occu...
This SQL injection vulnerability in the ProfileGrid WordPress plugin allows attackers with contributor-level access to execute arbitrary SQL commands on the database. It affects all versions up to 5.7...
The ProfileGrid WordPress plugin up to version 5.5.1 has a missing capability check that allows authenticated users with subscriber-level permissions or higher to arbitrarily update WordPress site opt...
The ProfileGrid WordPress plugin before version 5.3.1 contains an authorization bypass vulnerability in its password reset functionality. This allows any authenticated user, even with low privileges l...
This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to approve or decline group join requests, which should be restricted to administrators only. It affects ...
The ProfileGrid WordPress plugin has an authorization vulnerability that allows authenticated users (even with low-privilege subscriber accounts) to delete arbitrary user metadata. This can lead to de...
ProfileGrid WordPress plugin versions up to 5.9.3 have a missing authorization vulnerability that allows attackers to perform unauthorized actions. This affects WordPress sites using ProfileGrid for u...
This CVE describes a Missing Authorization (Broken Access Control) vulnerability in the ProfileGrid WordPress plugin. It allows unauthorized users to access functionality or data that should require p...
The ProfileGrid WordPress plugin has a missing capability check vulnerability that allows authenticated users with Subscriber-level access or higher to modify arbitrary plugin options to '1' or change...