Vulnerabilities > Metagauss > Profilegrid > 5.0.7

DATE CVE VULNERABILITY TITLE RISK
2023-03-20 CVE-2023-0940 Incorrect Authorization vulnerability in Metagauss Profilegrid
The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoint for resetting a user password but does not implement proper authorization.
network
low complexity
metagauss CWE-863
8.8
8.8
2022-11-17 CVE-2022-41791 Improper Neutralization of Formula Elements in a CSV File vulnerability in Metagauss Profilegrid
Auth.
network
low complexity
metagauss CWE-1236
8.8
8.8
2022-11-14 CVE-2022-3578 Unspecified vulnerability in Metagauss Profilegrid
The ProfileGrid WordPress plugin before 5.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting
network
low complexity
metagauss
6.1
6.1