cbcvebase.

Metagauss Profilegrid vulnerabilities

45 known vulnerabilities affecting metagauss/profilegrid.

Total CVEs
45
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH24MEDIUM20

Vulnerabilities

Page 1 of 3
CVE-2024-30490P2CRITICALCVSS 9.8PoCfixed in 5.7.9≥ n/a, ≤ 5.7.82024-03-29
CVE-2024-30490 [CRITICAL] CWE-89 CVE-2024-30490: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8.
nvd
CVE-2024-30491P2HIGHCVSS 8.8fixed in 5.7.9≥ n/a, ≤ 5.7.82024-03-29
CVE-2024-30491 [HIGH] CWE-89 CVE-2024-30491: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8.
nvd
CVE-2019-15873P3HIGHCVSS 8.8fixed in 2.8.62019-09-03
CVE-2019-15873 [HIGH] CWE-94 CVE-2019-15873: The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote co The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pm_template_preview&html=<?php substring followed by PHP code.
nvd
CVE-2024-6411P3HIGHCVSS 8.8fixed in 5.9.02024-07-10
CVE-2024-6411 [HIGH] CWE-269 CVE-2024-6411: The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to privil The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.8.9. This is due to a lack of validation on user-supplied data in the 'pm_upload_image' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upda
nvd
CVE-2023-3714P3HIGHCVSS 8.8fixed in 5.5.32023-07-18
CVE-2023-3714 [HIGH] CWE-862 CVE-2023-3714: The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a mis The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'edit_group' handler in versions up to, and including, 5.5.2. This makes it possible for authenticated attackers, with group ownership, to update group options, including the 'associate_role' parameter, which defines the membe
nvd
CVE-2023-3713P3HIGHCVSS 8.8≤ 5.5.12023-07-18
CVE-2023-3713 [HIGH] CWE-862 CVE-2023-3713: The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a mis The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'profile_magic_check_smtp_connection' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update the site options arbitrarily. Thi
nvd
CVE-2024-30241P3HIGHCVSS 8.8fixed in 5.7.2≥ n/a, ≤ 5.7.12024-03-28
CVE-2024-30241 [HIGH] CWE-89 CVE-2024-30241: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.1.
nvd
CVE-2023-0940P3HIGHCVSS 8.8fixed in 5.3.12023-03-20
CVE-2023-0940 [HIGH] CWE-863 CVE-2023-0940: The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoint for resetting a user passwor The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoint for resetting a user password but does not implement proper authorization. This allows a user with low privileges, such as subscriber, to change the password of any account, including Administrator ones.
nvd
CVE-2025-26999P3HIGHCVSS 8.8≤ 5.9.4.32025-03-03
CVE-2025-26999 [HIGH] CWE-502 CVE-2025-26999: Deserialization of Untrusted Data vulnerability in Metagauss ProfileGrid profilegrid-user-profiles- Deserialization of Untrusted Data vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Object Injection.This issue affects ProfileGrid : from n/a through <= 5.9.4.3.
nvd
CVE-2025-49876P3HIGHCVSS 8.5≤ 5.9.5.22025-07-16
CVE-2025-49876 [HIGH] CWE-89 CVE-2025-49876: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows SQL Injection.This issue affects ProfileGrid : from n/a through <= 5.9.5.2.
nvd
CVE-2025-0724P3HIGHCVSS 8.8fixed in 5.9.4.62025-03-22
CVE-2025-0724 [HIGH] CWE-502 CVE-2025-0724: The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to PHP Ob The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.9.4.5 via deserialization of untrusted input in the get_user_meta_fields_html function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject a PHP Obje
nvd
CVE-2024-32774P3HIGHCVSS 8.8fixed in 5.8.3≥ n/a, ≤ 5.8.22024-05-17
CVE-2024-32774 [HIGH] CWE-307 CVE-2024-32774: Improper Restriction of Excessive Authentication Attempts vulnerability in Metagauss ProfileGrid all Improper Restriction of Excessive Authentication Attempts vulnerability in Metagauss ProfileGrid allows Removing Important Client Functionality.This issue affects ProfileGrid : from n/a through 5.8.2.
nvd
CVE-2025-47478P3HIGHCVSS 8.5≤ 5.9.5.02025-05-23
CVE-2025-47478 [HIGH] CWE-89 CVE-2025-47478: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows SQL Injection.This issue affects ProfileGrid : from n/a through <= 5.9.5.0.
nvd
CVE-2025-39586P3HIGHCVSS 8.5≤ 5.9.4.82025-04-17
CVE-2025-39586 [HIGH] CWE-89 CVE-2025-39586: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows SQL Injection.This issue affects ProfileGrid : from n/a through <= 5.9.4.8.
nvd
CVE-2025-49033P3HIGHCVSS 8.5≤ 5.9.5.32025-08-14
CVE-2025-49033 [HIGH] CWE-89 CVE-2025-49033: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Blind SQL Injection.This issue affects ProfileGrid : from n/a through <= 5.9.5.3.
nvd
CVE-2022-3578P4MEDIUMCVSS 6.1PoCfixed in 5.1.12022-11-14
CVE-2022-3578 [MEDIUM] CWE-79 CVE-2022-3578: The ProfileGrid WordPress plugin before 5.1.1 does not sanitise and escape a parameter before output The ProfileGrid WordPress plugin before 5.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting
nvd
CVE-2024-32772P3HIGHCVSS 8.8fixed in 5.8.0≥ n/a, ≤ 5.7.92024-04-24
CVE-2024-32772 [HIGH] CWE-639 CVE-2024-32772: Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue a Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.9.
nvd
CVE-2024-32808P3HIGHCVSS 8.8fixed in 5.8.0≥ n/a, ≤ 5.7.92024-04-24
CVE-2024-32808 [HIGH] CWE-639 CVE-2024-32808: Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue a Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.9.
nvd
CVE-2022-36352P3HIGHCVSS 8.8≤ 5.0.32024-01-08
CVE-2022-36352 [HIGH] CWE-862 CVE-2022-36352: Missing Authorization vulnerability in Profilegrid ProfileGrid – User Profiles, Memberships, Groups Missing Authorization vulnerability in Profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities.This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities: from n/a through 5.0.3.
nvd
CVE-2024-10900P3HIGHCVSS 8.1fixed in 5.9.3.72024-11-20
CVE-2024-10900 [HIGH] CWE-862 CVE-2024-10900: The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauth The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_remove_file_attachment() function in all versions up to, and including, 5.9.3.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to delet
nvd
Metagauss Profilegrid vulnerabilities | cvebase