WordPress Plugin Vulnerabilities

ProfileGrid – User Profiles, Groups and Communities < 5.9.4.3 - Authenticated (Subscriber+) Limited Server-Side Request Forgery

Description

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Limited Server-Side Request Forgery in all versions up to, and including, 5.9.4.2 via the pm_upload_image function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to download and view images, as well as validating if a non-image file exists, both on local or remote hosts.

Affects Plugins

Plugin icon
profilegrid-user-profiles-groups-and-communities
Fixed in 5.9.4.3

References

CVE
CVE-2024-13741
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/95d2a05d-67ae-45b1-8add-0dcf73d43181

Classification

Type
SSRF
OWASP top 10
A1: Injection
CWE
CWE-918
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Tim Coen
Verified
No
WPVDB ID
3c1c68b9-3d85-4a33-9bb3-e314dd9e3920

Timeline

Publicly Published
2025-02-17 (about 1 year ago)
Added
2025-02-17 (about 1 year ago)
Last Updated
2025-02-18 (about 1 year ago)

Other

Published
Title
Published
2025-01-31
Title
Traveler Layout Essential For Elementor < 1.4 - Unauthenticated Server-Side Request Forgery
Published
2026-01-21
Title
WPO365 < 40.1 - Authenticated (Subscriber+) Server-Side Request Forgery
Published
2025-12-24
Title
Link Library < 7.8.8 - Authenticated (Contributor+) Server-Side Request Forgery
Published
2025-10-10
Title
WP Scraper < 5.8.2 - Authenticated (Administrator+) Server-Side Request Forgery
Published
2025-06-05
Title
Car Repair Services <= 5.0 - Unauthenticated Server-Side Request Forgery