Disclosure Date: January 18, 2022 (last updated February 23, 2025)
The ProfileGrid – User Profiles, Memberships, Groups and Communities WordPress plugin, in versions up to and including 1.2.7, is vulnerable to Stored Cross-Site Scripting due to insufficient escaping of the pm_user_avatar and pm_cover_image parameters found in the ~/admin/class-profile-magic-admin.php file. This allows attackers with authenticated user access, such as subscribers, to inject arbitrary web scripts into their profile.


Disclosure Date: September 03, 2019 (last updated November 27, 2024)
The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via a wp-admin/admin-ajax.php request with the action=pm_template_preview&html=<?php substring followed by PHP code.
