WordPress Plugin Vulnerabilities

ProfileGrid < 5.6.7 - Missing Authorization

Description

The ProfileGrid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 5.6.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions.

Affects Plugins

Plugin icon
profilegrid-user-profiles-groups-and-communities
Fixed in 5.6.7

References

CVE
CVE-2023-52117
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/71fb1cef-6e01-4bd7-b0bc-5d21295f119a

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
emad
Verified
No
WPVDB ID
ea4260dc-8b10-4e8f-864c-1eb2fc592321

Timeline

Publicly Published
2023-12-28 (about 2 years ago)
Added
2024-01-04 (about 2 years ago)
Last Updated
2024-01-22 (about 2 years ago)

Other

Published
Title
Published
2024-07-04
Title
themedropbox Themes <= Various Versions - Missing Authorization to Notice Dismissal
Published
2026-04-23
Title
WP Books Gallery < 4.8.1 - Missing Authorization to Unauthenticated Settings Update via 'permalink_structure' Parameter
Published
2026-01-27
Title
Database for Contact Form 7, WPforms, Elementor forms < 1.4.6 - Missing Authorization to Unauthenticated Form Data Exfiltration via CSV Export
Published
2026-01-22
Title
Easy Property Listings < 3.5.21 - Missing Authorization
Published
2025-04-16
Title
WP Subscription Forms < 1.2.4 - Missing Authorization