CVE-2019-15873

The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pm_template_preview&html=<?php substring followed by PHP code.
Configurations

Configuration 1 (hide)

cpe:2.3:a:metagauss:profilegrid:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 04:29

Type Values Removed Values Added
References () https://wordpress.org/plugins/profilegrid-user-profiles-groups-and-communities/#developers - Release Notes, Third Party Advisory () https://wordpress.org/plugins/profilegrid-user-profiles-groups-and-communities/#developers - Release Notes, Third Party Advisory
References () https://wpvulndb.com/vulnerabilities/9086 - Exploit, Third Party Advisory () https://wpvulndb.com/vulnerabilities/9086 - Exploit, Third Party Advisory

24 Jan 2022, 16:42

Type Values Removed Values Added
CPE cpe:2.3:a:profilegrid:profilegrid:*:*:*:*:*:wordpress:*:* cpe:2.3:a:metagauss:profilegrid:*:*:*:*:*:wordpress:*:*

Information

Published : 2019-09-03 13:15

Updated : 2024-11-21 04:29


NVD link : CVE-2019-15873

Mitre link : CVE-2019-15873

CVE.ORG link : CVE-2019-15873


JSON object : View

Products Affected

metagauss

  • profilegrid
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')