CSRF Vulnerability in Metagauss ProfileGrid
CVE-2024-31362

8.8HIGH

Key Information:

Vendor: WordPress
Status: Profilegrid
Vendor: CVE Published:; 12 April 2024

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Metagauss ProfileGrid plugin, which can allow malicious actors to perform actions on behalf of unsuspecting users. This risk affects installations of ProfileGrid from its initial release up to version 5.7.8, potentially compromising user accounts and leading to unauthorized actions without user consent.

Affected Version(s)

ProfileGrid <= 5.7.8

References

https://patchstack.com/database/vulnerability/profilegrid...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 12, 2024
Vulnerability Reserved
Apr 1, 2024

Credit

thiennv (Patchstack Alliance)