Profilegrid – User Profiles, Memberships, Groups And Communities
Approved changes feed: RSS · Atom
cpe:2.3:a:metagauss:profilegrid_–_user_profiles,_memberships,_groups_and_communities:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Metagauss (efd32a3a-6f1a-5c0a-ba62-c7bf604b79bd) |
|---|---|
| Product | Profilegrid – User Profiles, Memberships, Groups And Communities (30ddb742-06cc-5bc9-b7ba-589dc9b634b6) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-3714 |
vulnerable | 2026-06-03 14:52:41.633724 |
ProfileGrid <= 5.5.2 - Missing Authorization to Arbitrary Group Option Modification and Privilege Escalation
HIGH (7.5)
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'edit_group' handler in versions up to, and including, 5.5.2. This makes it possible for authenticated attackers, with group ownership, to update group options, including the 'associate_role' parameter, which defines the member's role. This issue was partially patched in version 5.5.2 preventing privilege escalation, however, it was fully patched in 5.5.3.
Published: 2023-07-18T02:39:25.531Z
Updated: 2026-04-08T17:13:04.038Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.