CVE-2023-3714

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jul 18, 2023

Updated: Nov 7, 2023

Summary

CVE-2023-3714 is a vulnerability affecting the ProfileGrid plugin for WordPress. This issue allows authenticated attackers, who possess group ownership, to manipulate group options unchecked. Specifically, the 'edit_group' handler is missing capability checks, enabling attackers to update group settings, including the 'associate_role' parameter. Although version 5.5.2 introduced a partial patch, preventing privilege escalation, the full vulnerability was rectified in version 5.5.3.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sBiUty
https://www.cve.org/CVERecord?id=CVE-2023-3714
https://nvd.nist.gov/vuln/detail/CVE-2023-3714

Back to Vulnerability Database

CVE-2023-3714

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations