ProfileGrid – User Profiles, Groups and Communities < 5.9.0 – Authenticated (Subscriber+) Authorization Bypass to Privilege Escalation | CVE 2024-6411 | Plugin Vulnerabilities

Description

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.8.9. This is due to a lack of validation on user-supplied data in the 'pm_upload_image' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their user capabilities to Administrator.

Affects Plugins

profilegrid-user-profiles-groups-and-communities

Fixed in 5.9.0

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/2ef3c7fb-27f5-4829-8cb6-d3a52778a689

Classification

Type

PRIVESC

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Truoc Phan, Tieu Pham Trong Nhan (aptx4869)

Verified

No

WPVDB ID

c360f342-c916-4bb1-b825-3e5d30adf6fe

Timeline

Publicly Published

2024-07-09 (about 1 year ago)

Added

2024-07-09 (about 1 year ago)

Last Updated

2024-07-10 (about 1 year ago)

Other

Published

Title

Published

2023-08-08

Title

Biometric Login for WooCommerce < 1.0.4 - Unauthenticated Privilege Escalation

Published

2016-07-08

Title

Profile Builder < 2.4.1 - Privilege Escalation

Published

2024-06-03

Title

Frontend Registration – Contact Form 7 <= 5.1 - Authenticated (Editor+) Privilege Escalation

Published

2025-03-04

Title

Homey < 2.4.3 - Unauthenticated Privilege Escalation in homey_save_profile

Published

2019-03-28

Title

Stops Core Theme And Plugin Updates < 8.0.5 - Insufficient Restrictions on Option Changes