Vulnerabilities > Metagauss > Profilegrid > 4.8.7

DATE CVE VULNERABILITY TITLE RISK
2023-07-18 CVE-2023-3714 Unspecified vulnerability in Metagauss Profilegrid
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'edit_group' handler in versions up to, and including, 5.5.2.
network
low complexity
metagauss
8.8
8.8
2023-03-20 CVE-2023-0940 Incorrect Authorization vulnerability in Metagauss Profilegrid
The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoint for resetting a user password but does not implement proper authorization.
network
low complexity
metagauss CWE-863
8.8
8.8
2022-11-17 CVE-2022-41791 Improper Neutralization of Formula Elements in a CSV File vulnerability in Metagauss Profilegrid
Auth.
network
low complexity
metagauss CWE-1236
8.8
8.8
2022-11-14 CVE-2022-3578 Unspecified vulnerability in Metagauss Profilegrid
The ProfileGrid WordPress plugin before 5.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting
network
low complexity
metagauss
6.1
6.1