ProfileGrid by Metagauss <= 5.0.2 - Subscriber+ List and Edit Messages
LANACOMMONVDB ID: c90603dc-b8d8-499f-8f2e-b8694a8b7b08
The plugin was affected by Missing Authorization and Cross-Site Request Forgery (CSRF) vulnerabilities. The plugin creates a frontend user profile, groups, communities and messenger. However, the messenger is vulnerable because there is no user authentication, so the vulnerability allows us to list and modify other users’ messages.
Attributes
- Catgory
- WordPress Plugin
- Discovered
- 2022-08-01
- Published
- 2022-08-12
- Updated
- 2023-05-27
- Affected Version
- <= 5.0.2
Classification
- Type
- Cross-Site Request Forgery (CSRF), Missing Authorization
Support Us?
We would truly appreciate it if you bought us a bunny (food for a snow leopard).
