SQL Injection Vulnerability in ProfileGrid Plugin for WordPress
CVE-2025-0723

6.5MEDIUM

Key Information:

Vendor

WordPress
Status
Profilegrid – User Profiles, Groups And Communities
Vendor
CVE Published:
22 March 2025

What is CVE-2025-0723?

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress has a security vulnerability that allows authenticated users, with Subscriber access and above, to perform blind and time-based SQL injections via the rid and search parameters. This occurs due to inadequate escaping of user-supplied input and insufficient preparation in existing SQL queries. Exploiting this vulnerability could enable attackers to append malicious SQL queries to existing ones, potentially leading to unauthorized access to sensitive database information.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ProfileGrid – User Profiles, Groups and Communities * <= 5.9.4.7

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/profilegrid-us...
https://plugins.trac.wordpress.org/browser/profilegrid-us...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Ivan Kuzymchak
JSON
.