Vulnerabilities > Metagauss > Profilegrid

DATE CVE VULNERABILITY TITLE RISK
2024-11-20 CVE-2024-10900 Missing Authorization vulnerability in Metagauss Profilegrid
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_remove_file_attachment() function in all versions up to, and including, 5.9.3.6.
network
low complexity
metagauss CWE-862
8.1
8.1
2024-11-01 CVE-2024-37453 Missing Authorization vulnerability in Metagauss Profilegrid
Missing Authorization vulnerability in ProfileGrid User Profiles ProfileGrid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ProfileGrid: from n/a through 5.8.7.
network
low complexity
metagauss CWE-862
8.8
8.8
2024-10-21 CVE-2024-49273 Missing Authorization vulnerability in Metagauss Profilegrid
Missing Authorization vulnerability in ProfileGrid User Profiles ProfileGrid.This issue affects ProfileGrid: from n/a through 5.9.3.
network
low complexity
metagauss CWE-862
6.5
6.5
2024-09-26 CVE-2024-8861 Cross-site Scripting vulnerability in Metagauss Profilegrid
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.9.3.2 due to incorrect use of the wp_kses_allowed_html function, which allows the 'onclick' attribute for certain HTML elements without sufficient restriction or context validation.
network
low complexity
metagauss CWE-79
5.4
5.4
2024-06-12 CVE-2023-52117 Unspecified vulnerability in Metagauss Profilegrid
Missing Authorization vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid: from n/a through 5.6.6.
network
low complexity
metagauss
6.3
6.3
2024-06-05 CVE-2024-5453 Missing Authorization vulnerability in Metagauss Profilegrid
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_dismissible_notice and pm_wizard_update_group_icon functions in all versions up to, and including, 5.8.6.
network
low complexity
metagauss CWE-862
4.3
4.3
2024-05-17 CVE-2024-32774 Unspecified vulnerability in Metagauss Profilegrid
Improper Restriction of Excessive Authentication Attempts vulnerability in Metagauss ProfileGrid allows Removing Important Client Functionality.This issue affects ProfileGrid : from n/a through 5.8.2.
network
low complexity
metagauss
8.8
8.8
2024-04-24 CVE-2024-32772 Unspecified vulnerability in Metagauss Profilegrid
Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.9.
network
low complexity
metagauss
8.8
8.8
2024-04-24 CVE-2024-32808 Unspecified vulnerability in Metagauss Profilegrid
Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.9.
network
low complexity
metagauss
8.8
8.8
2024-04-12 CVE-2024-31362 Unspecified vulnerability in Metagauss Profilegrid
Cross-Site Request Forgery (CSRF) vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8.
network
low complexity
metagauss
8.8
8.8