Log out
Get PRO

Latest

Access violation vulnerability in ProfileGrid – User Profiles, Memberships, Groups and Communities 5.0.3

  • Severity: medium-risk
  • Status: Fixed
  • Publication: October 27, 2022

The ProfileGrid plugin for WordPress is not secure in versions up to 5.0.3. It does not have enough security checks in place to stop people from accessing private messages. People who are already logged in to WordPress with a subscriber-level account or higher can see and edit messages that they should not be able to access.

Detected in:

ProfileGrid – User Profile and Member Plugin fixed vulnerable versions:
ProfileGrid – User Profile and Member Plugin with Groups, Community, and Social Selling fixed vulnerable versions:
ProfileGrid – User Profile, Member, Community, and Social Selling Plugin fixed vulnerable versions:
ProfileGrid – User Profiles, Memberships, Groups and Communities fixed vulnerable versions: >= * <= 5.0.3

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.