ProfileGrid by Metagauss <= 5.0.2 - Subscriber+ List and Edit Messages
LANACOMMONVDB ID: c90603dc-b8d8-499f-8f2e-b8694a8b7b08
The plugin was affected by Missing Authorization and Cross-Site Request Forgery (CSRF) vulnerabilities. The plugin creates a frontend user profile, groups, communities and messenger. However, the messenger is vulnerable because there is no user authentication, so the vulnerability allows us to list and modify other users’ messages.