The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pm_template_preview&html=<?php substring followed by PHP code.
References
Link | Resource |
---|---|
https://wordpress.org/plugins/profilegrid-user-profiles-groups-and-communities/#developers | Release Notes Third Party Advisory |
https://wpvulndb.com/vulnerabilities/9086 | Exploit Third Party Advisory |
https://wordpress.org/plugins/profilegrid-user-profiles-groups-and-communities/#developers | Release Notes Third Party Advisory |
https://wpvulndb.com/vulnerabilities/9086 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 04:29
Type | Values Removed | Values Added |
---|---|---|
References | () https://wordpress.org/plugins/profilegrid-user-profiles-groups-and-communities/#developers - Release Notes, Third Party Advisory | |
References | () https://wpvulndb.com/vulnerabilities/9086 - Exploit, Third Party Advisory |
24 Jan 2022, 16:42
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:metagauss:profilegrid:*:*:*:*:*:wordpress:*:* |
Information
Published : 2019-09-03 13:15
Updated : 2024-11-21 04:29
NVD link : CVE-2019-15873
Mitre link : CVE-2019-15873
CVE.ORG link : CVE-2019-15873
JSON object : View
Products Affected
metagauss
- profilegrid
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')