Removing Important Client Functionality Due to Improper Restriction of Excessive Authentication Attempts
CVE-2024-32774

8.8HIGH

Key Information:

Vendor: WordPress
Status: Profilegrid
Vendor: CVE Published:; 17 May 2024

Summary

The Metagauss ProfileGrid plugin is vulnerable to an improper restriction of excessive authentication attempts, enabling attackers to bypass group member limits, potentially allowing unauthorized access to sensitive client functionalities. This vulnerability affects versions from n/a to 5.8.2, presenting substantial security risks for users relying on the plugin's integrity.

Affected Version(s)

ProfileGrid <= 5.8.2

References

https://patchstack.com/database/vulnerability/profilegrid...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 17, 2024
Vulnerability Reserved
Apr 18, 2024

Credit

Kyle Sanchez (Patchstack Alliance)