Vulnerabilities > CVE-2023-0940 - Incorrect Authorization vulnerability in Metagauss Profilegrid

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
metagauss
CWE-863

Summary

The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoint for resetting a user password but does not implement proper authorization. This allows a user with low privileges, such as subscriber, to change the password of any account, including Administrator ones.

Vulnerable Configurations

Part Description Count
Application
Metagauss
279

Common Weakness Enumeration (CWE)