Weak configuration vulnerability in ProfileGrid – User Profiles, Memberships, Groups and Communities 5.5.0

The ProfileGrid plugin for WordPress has a security issue in versions up to 5.5.0. Attackers with administrator-level permissions or above can view and decrypt users’ passwords, because the passphrase and IV (initialization vector) are hardcoded in the ‘pm_encrypt_decrypt_pass’ function and are therefore identical across all sites running the plugin. If chained with another vulnerability, this could allow users with lower permissions to access users’ passwords.
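The following added example (not ProfileGrid's code) contrasts the hardcoded passphrase-and-IV pattern described above with a per-site key and a per-message IV. The constants, cipher choices, function names and sample values are assumptions constructed for illustration.

```php
<?php
// Constructed placeholders, not the plugin's real values.
const DEMO_PASSPHRASE = 'constructed-demo-passphrase';
const DEMO_IV = '0123456789abcdef'; // fixed 16-byte IV

// Weak pattern: every install shares one key and one IV, so anyone who can
// read the source can reverse stored values from any site.
function weak_encrypt(string $plain): string {
    $key = hash('sha256', DEMO_PASSPHRASE, true);
    return base64_encode(openssl_encrypt($plain, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, DEMO_IV));
}

// Hardened pattern: derive the key from a secret unique to this site.
function site_key(string $siteSecret): string {
    return hash_hkdf('sha256', $siteSecret, 32, 'demo-field-encryption');
}

// Fresh random IV per message; GCM also authenticates the ciphertext.
function hardened_encrypt(string $plain, string $siteSecret): string {
    $iv = random_bytes(12);
    $tag = '';
    $ct = openssl_encrypt($plain, 'aes-256-gcm', site_key($siteSecret), OPENSSL_RAW_DATA, $iv, $tag);
    return base64_encode($iv . $tag . $ct);
}

// Returns null when the blob is malformed or was made with another key.
function hardened_decrypt(string $blob, string $siteSecret): ?string {
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) < 28) {
        return null;
    }
    $iv = substr($raw, 0, 12);
    $tag = substr($raw, 12, 16);
    $ct = substr($raw, 28);
    $pt = openssl_decrypt($ct, 'aes-256-gcm', site_key($siteSecret), OPENSSL_RAW_DATA, $iv, $tag);
    return $pt === false ? null : $pt;
}

// Two constructed "sites", each with its own random secret.
$siteA = random_bytes(32);
$siteB = random_bytes(32);
$value = 'constructed-sample-value';

var_dump(weak_encrypt($value) === weak_encrypt($value));   // weak: compare two encryptions
$blobA = hardened_encrypt($value, $siteA);
var_dump($blobA === hardened_encrypt($value, $siteA));     // hardened: compare two encryptions
var_dump(hardened_decrypt($blobA, $siteA) === $value);     // decrypt on the originating site
var_dump(hardened_decrypt($blobA, $siteB));                // decrypt with another site's secret
```

Where the stored value is a login password that never needs to be recovered, a one-way hash such as PHP's `password_hash` removes the decryption path entirely.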

This information is sourced from www.wpvulnerability.com, an open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
