ProfileGrid – User Profiles, Groups and Communities <= 2.8.5 – Authenticated Code Execution | CVE 2019-15873 | Plugin Vulnerabilities

Description

The plugin ProfileGrid – User Profiles, Groups and Communities versions prior to 2.8.6 is vulnerable to Arbitrary Code Execution. An authenticated user with a role as low as Subscriber can execute arbitrary PHP code on websites using the plugin.

Proof of Concept

Send an authenticated POST request to wp-admin/admin-ajax.php with parameters action=pm_template_preview&html=<?php phpinfo();

Visit wp-content/plugins/profilegrid-user-profiles-groups-and-communities/admin/partials/email-preview.php

Affects Plugins

profilegrid-user-profiles-groups-and-communities

Fixed in 2.8.6

References

CVE

URL

https://plugins.trac.wordpress.org/changeset/1877071/

Classification

Type

RCE

OWASP top 10

CWE

CVSS

Miscellaneous

Submitter

Karim El Ouerghemmi

Submitter website

https://ripstech.com

Submitter twitter

Verified

No

WPVDB ID

76d7786e-f851-4c35-86ce-19a929929c8c

Timeline

Publicly Published

2018-05-18 (about 7 years ago)

Added

2018-05-18 (about 7 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2025-08-02

Title

Molla <= 1.5.13 - Unauthenticated Remote Code Execution

Published

2022-02-22

Title

Transposh WordPress Translation < 1.0.8 - Admin+ RCE

Published

2014-08-01

Title

DZS Video Gallery - upload.php File Upload Remote Code Execution

Published

2025-01-15

Title

Motors – Car Dealer, Classifieds & Listing < 1.4.44 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Custom Title

Published

2025-04-15

Title

Real Estate Manager <= 7.3 - Unauthenticated Remote Code Execution