Profilegrid User Profiles Groups And Communities
Monthly
Account takeover in the ProfileGrid - User Profiles, Groups and Communities WordPress plugin (all versions through 5.9.9.5) lets unauthenticated remote attackers hijack the site administrator account. The plugin fails to validate a `user_login` value on registration forms lacking that parameter and mishandles the resulting error messages, allowing an attacker to overwrite the email address of the user with ID=1 (typically the admin) and then trigger a password reset to seize full control. Reported by Wordfence with a 9.8 CVSS; no public exploit identified at time of analysis.
Stored Cross-Site Scripting in the ProfileGrid WordPress plugin (all versions through 5.9.9.2) allows authenticated users with Subscriber-level access to inject persistent malicious scripts via the `pm_author_message` parameter in the private messaging function `pm_send_message_to_author`. The injected payload executes in any user's browser upon visiting the affected page, with a changed scope (S:C) meaning impact can extend to the broader WordPress session context - including potential admin account compromise. No public exploit has been identified at time of analysis, and a partial patch in version 5.9.8.5 does not fully remediate the issue, leaving sites running through 5.9.9.2 exposed.
Account takeover in the ProfileGrid - User Profiles, Groups and Communities WordPress plugin (all versions through 5.9.9.5) lets unauthenticated remote attackers hijack the site administrator account. The plugin fails to validate a `user_login` value on registration forms lacking that parameter and mishandles the resulting error messages, allowing an attacker to overwrite the email address of the user with ID=1 (typically the admin) and then trigger a password reset to seize full control. Reported by Wordfence with a 9.8 CVSS; no public exploit identified at time of analysis.
Stored Cross-Site Scripting in the ProfileGrid WordPress plugin (all versions through 5.9.9.2) allows authenticated users with Subscriber-level access to inject persistent malicious scripts via the `pm_author_message` parameter in the private messaging function `pm_send_message_to_author`. The injected payload executes in any user's browser upon visiting the affected page, with a changed scope (S:C) meaning impact can extend to the broader WordPress session context - including potential admin account compromise. No public exploit has been identified at time of analysis, and a partial patch in version 5.9.8.5 does not fully remediate the issue, leaving sites running through 5.9.9.2 exposed.