CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Metagauss: >> Profilegrid >> 5.8.9 Security Vulnerabilities

CVE-2024-6411

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.8.9. This is due to a lack of validation on user-supplied data in the 'pm_upload_image' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their user capabilities to Administrator.

CVSS Score

8.8

EPSS Score

0.006

Published

2024-07-10

Page 2

Vulnerabilities

Vulnerable Software

Metagauss: >> Profilegrid >> 5.8.9 Security Vulnerabilities

Products

Pricing

Contact Us