Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Network-accessible AJAX endpoint (AV:N), no complexity (AC:L), Subscriber auth required (PR:L), constrained to installing one specific plugin (I:L), no confidentiality or availability impact.
Primary rating from Vendor (Wordfence).
CVSS VectorVendor: Wordfence
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
The Memberships and User Profiles for WooCommerce - ProfileGrid WooCommerce Integration plugin for WordPress is vulnerable to unauthorized plugin installation and activation in versions up to, and including, 3.4. This is due to a missing capability check and missing nonce validation on the pg_install_profilegrid() AJAX handler registered via wp_ajax_pg_install_profilegrid. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate the ProfileGrid plugin from wordpress.
AnalysisAI
Unauthorized plugin installation affects the Memberships and User Profiles for WooCommerce - ProfileGrid WooCommerce Integration plugin (versions up to and including 3.4), allowing any authenticated WordPress user at Subscriber level or above to force-install and activate the ProfileGrid plugin without administrative approval. The flaw stems from a dual failure - absent capability check and absent nonce validation - on the pg_install_profilegrid() AJAX handler, registered via the wp_ajax_pg_install_profilegrid hook. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a valid WordPress user account at Subscriber level or above - PR:N (unauthenticated) exploitation is not possible per the CVSS:3.1/PR:L vector. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 base score of 4.3 (Medium) reflects a realistic assessment: network-accessible (AV:N), low complexity (AC:L), requiring low-privilege authentication (PR:L), no user interaction (UI:N), unchanged scope (S:U), no confidentiality impact (C:N), low integrity impact (I:L), and no availability impact (A:N). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker registers or obtains a Subscriber-level account on a WooCommerce store running the affected plugin. They send a crafted POST request to `wp-admin/admin-ajax.php` with `action=pg_install_profilegrid` while authenticated, bypassing both the missing capability check and missing nonce validation. … |
| Remediation | Administrators should update the ProfileGrid WooCommerce Integration plugin immediately via the WordPress dashboard or WP-CLI. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42541
GHSA-3m2g-qgvr-j86q