Vulnerabilities > CVE-2021-34622 - Unspecified vulnerability in Properfraction Profilepress

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

properfraction

NVD

Published: 2021-07-07

Updated: 2023-05-26

Summary

A vulnerability in the user profile update component found in the ~/src/Classes/EditUserProfile.php file of the ProfilePress WordPress plugin made it possible for users to escalate their privileges to that of an administrator while editing their profile. This issue affects versions 3.0.0 - 3.1.3. .

Vulnerable Configurations

Part	Description	Count
Application	Properfraction Properfraction Profilepress 3.0.0 Properfraction Profilepress 3.0.1 Properfraction Profilepress 3.0.2 Properfraction Profilepress 3.0.3 Properfraction Profilepress 3.0.4 Properfraction Profilepress 3.0.5 Properfraction Profilepress 3.0.6 Properfraction Profilepress 3.0.7 Properfraction Profilepress 3.0.8 Properfraction Profilepress 3.0.9 Properfraction Profilepress 3.0.10 Properfraction Profilepress 3.0.11 Properfraction Profilepress 3.0.12 Properfraction Profilepress 3.0.13 Properfraction Profilepress 3.1 Properfraction Profilepress 3.1.0 Properfraction Profilepress 3.1.1 Properfraction Profilepress 3.1.2 Properfraction Profilepress 3.1.3	29

References

https://www.wordfence.com/blog/2021/06/easily-exploitable-critical-vulnerabilities-patched-in-profilepress-plugin/