ProfileGrid < 5.5.2 – Subscriber+ Unauthorized Data Modification | CVE 2023-3403

Affects Plugins

profilegrid-user-profiles-groups-and-communities

Fixed in 5.5.2

References

CVE

CVE-2023-3403

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/b335fc19-2998-4711-8813-6cb68d7447bd

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CWE-862

CVSS

5.4 (medium)

Miscellaneous

Original Researcher

Lana Codes

Verified

No

WPVDB ID

094490f1-3490-41c8-8f0a-c5e00d790744

Timeline

Publicly Published

2023-07-17 (about 2 years ago)

Added

2023-07-18 (about 2 years ago)

Last Updated

2023-07-18 (about 2 years ago)

Other

Published

Title

Published

2024-04-10

Title

Restrict Content < 3.2.9 - Missing Authorization

Published

2023-01-09

Title

ChatBot < 4.2.9 - Unauthenticated Settings Reset

Published

2024-04-22

Title

Flexible Shipping < 4.24.16 - Missing Authorization

Published

2026-02-05

Title

WP Duplicate < 1.1.9 - Subscriber+ Arbitrary File Upload

Published

2025-12-11

Title

WP Fastest Cache Premium < 1.7.5 - Subscriber+ Blind Server-Side Request Forgery