Unauthorized Data Modification in ProfileGrid Plugin for WordPress
CVE-2023-3403
5.4MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 18 July 2023
What is CVE-2023-3403?
The ProfileGrid plugin for WordPress allows authenticated users with subscriber-level permissions or higher to exploit a flaw in the 'pm_upload_csv' function, leading to unauthorized modifications of user data. This vulnerability arises from a missing capability check, enabling attackers to import new users and alter existing user information without proper authorization, potentially compromising the integrity of user data.
Affected Version(s)
ProfileGrid – User Profiles, Memberships, Groups and Communities * <= 5.5.1