CVE-2024-6411

moderate-risk
Published 2024-07-10

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.8.9. This is due to a lack of validation on user-supplied data in the 'pm_upload_image' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their user capabilities to Administrator.

Do I need to act?

-
0.61% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Metagauss

References (12)

Product https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-...
Product https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-...
Product https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-...
Product https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-...
Patch https://plugins.trac.wordpress.org/changeset/3111609/
Third Party Advisory https://www.wordfence.com/threat-intel/vulnerabilities/id/2ef3c7fb-27f5-4829-8cb...
Product https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-...
Product https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-...
Product https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-...
Product https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-...
Patch https://plugins.trac.wordpress.org/changeset/3111609/
Third Party Advisory https://www.wordfence.com/threat-intel/vulnerabilities/id/2ef3c7fb-27f5-4829-8cb...
37
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 2/34 · Minimal
Exposure 5/34 · Minimal