Tech News
ProfileGrid WordPress Plugin Vulnerability Allowed Admin Access
WordPress admins are urged to update their websites with the latest release of the ProfileGrid plugin. A critical privilege escalation vulnerability in the ProfileGrid plugin could potentially grant admin access to targeted WordPress sites.
ProfileGrid Plugin Vulnerability Exposed WordPress Sites
A recent post by the Wordfence team revealed details about a significant privilege escalation vulnerability in the ProfileGrid plugin, putting thousands of WordPress sites at risk.
ProfileGrid—User Profiles, Groups, and Communities is a specialized plugin for WordPress that enables users to create user profiles, communities, directories, groups, and other interactive features. With over 7,000 active installations, the plugin poses a significant risk to websites due to the identified vulnerability.
The vulnerability was found in the plugin’s pm_upload_image AJAX action, which lacked proper validation. An authenticated attacker could exploit this flaw to gain elevated privileges, potentially escalating from subscriber-level access to admin access on the target sites.
The vulnerability was assigned the CVE ID CVE-2024-6411, with a high severity rating and a CVSS score of 8.8. Security researcher Tieu Pham Trong Nhan from TechlabCorp initially discovered the issue and reported it through Wordfence’s bug bounty program, receiving a $488 bounty.
This vulnerability affected all versions of the plugin up to version 5.8.9. Following the bug report, Wordfence worked with the plugin developers to release a patch, which was included in ProfileGrid version 5.9.0 released earlier this month.
While there have been no reported exploits of this vulnerability in the wild, only 36.7% of users have updated to the latest release according to the plugin’s WordPress page. It is crucial for all WordPress users to promptly update their sites with the latest plugin version to mitigate the risk.
Furthermore, users should also review all plugins on their websites for any security updates to prevent potential threats.
Share your thoughts in the comments section below.
10 Powerful Ways to Invest in Yourself and Restart Your Self Growth
10 Tips to Prevent Cavities in Kids: A Parent’s Guide
Israeli soldiers pushed three apparently lifeless bodies from roofs during a West Bank raid
YEAH! YOU WANT “THOSE GAMES,” RIGHT? SO HERE YOU GO! NOW, LET’S SEE YOU CLEAR THEM! 1+2 announced
Do you need an expensive record player?
Sony’s throwback PS5 Pro limited edition takes us back to the 90s
Commuters warned of delays amid Commercial Broadway Station escalator replacement – BC
Lorne Michaels Weighs In On Who Will Play Donald Trump On ‘SNL’ Season 50
UPDATE: It’s actually happening: Palworld developer Pocketpair is being sued by Nintendo and The Pokémon Company
YouTube Now Displays Adverts When Paused
Bangladeshi police agents accused of selling citizens’ personal information on Telegram
The Top 20 Motivational Instagram Accounts to Follow (2024)
Don’t Waste Your Time in Anger, Regrets, Worries and Grudges
Our new fixed tours are your ultimate Aussie & Kiwi adventure!
Democrats and allies to flood airwaves, drop more than $125M on abortion push
Family Holiday Checklist | What To Pack Family Holiday
Concord price, beta, preorder details for PS5 and PC confirmed
Turkish Airlines carries 7.2 mn passengers in May, launches new sustainability brand, BA
Tim Scott Makes New Push to Woo Black and Hispanic Republicans
Epic Bus Tours New Zealand
-
Tech News3 months agoBangladeshi police agents accused of selling citizens’ personal information on Telegram
-
Motivation3 months agoThe Top 20 Motivational Instagram Accounts to Follow (2024)
-
Self Development4 months agoDon’t Waste Your Time in Anger, Regrets, Worries and Grudges
-
Destination4 months agoOur new fixed tours are your ultimate Aussie & Kiwi adventure!
-
Breaking News4 months agoDemocrats and allies to flood airwaves, drop more than $125M on abortion push
-
Activities4 months agoFamily Holiday Checklist | What To Pack Family Holiday
-
Gaming3 months agoConcord price, beta, preorder details for PS5 and PC confirmed
-
Destination3 months agoTurkish Airlines carries 7.2 mn passengers in May, launches new sustainability brand, BA