CVE-2022-41791 Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin <= 5.1.6 on WordPress.

CVE-2022-41791 Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin <= 5.1.6 on WordPress.

The vulnerable code is present in the “Edit Profile” page of the plugin. When a user tries to edit their profile, the code below is displayed: {{ form_action('/edit/'+current_user.uid+'/'+$('#profileName').val)+' | markdown }} When a user pastes malicious code in the “Name” field, this code is executed: {{ form_action('/edit/'+current_user.uid+'/'+$('#profileName').val)+' | markdown }} An attacker can inject malicious code in the “Name” field and gain access to the user’s account by using the “edit” function on the ProfileGrid plugin. This occurs due to input validation issues in the “Name” field of the ProfileGrid plugin. Exploitation of this issue may be done by injecting malicious code in the “Name” field of the ProfileGrid plugin, and then using the “edit” function to log into the WordPress site. Reported by Peter Ge. Vulnerable versions: = 5.1.6. ________________________________ In the previous release announcement, WordPress announced the following changes in version 5.1.6: - Updated default plugin settings for ProfileGrid, including the value for the “WP Cron” setting, which now defaults to “Frequency”. - Fixed an issue where users who entered

CVE-2021-41789

The vulnerable code is present in the “Posts” page of the plugin. When a user tries to edit their post, the code below is displayed: {{ form_action('/edit/'+current_user.uid+'/'+$('#post).val)+' | markdown }} When a user pastes malicious code in the “Text” field, this code is executed: {{ form_action('/edit/'+current_user.uid+'/'+$('#post).val)+' | markdown }}

WordPress Vulnerability – Unauthenticated Remote Code Execution

On October 5th, WordPress announced a vulnerability in their plugin ProfileGrid in version 5.1.6. The vulnerable code is present in the “Edit Profile” page of the plugin. When a user tries to edit their profile, the code below is displayed: {{ form_action('/edit/'+current_user.uid+'/'+$('#profileName').val)+' | markdown }} When a user pastes malicious code in the “Name” field, this code is executed: {{ form_action('/edit/'+current_user.uid+'/'+$('#profileName').val)+' | markdown }} An attacker can inject malicious code in the “Name” field and gain access to the user’s account by using the “edit” function on the ProfileGrid plugin. This occurs due to input validation issues in the “Name” field of the ProfileGrid plugin. Exploitation of this issue may be done by injecting malicious code in the “Name” field of the ProfileGrid plugin, and then using the “edit” function to log into the WordPress site. Reported by Peter Ge

WordPress Vulnerability – SQL Injection in the “Name” Field of the ProfileGrid Plugin

The vulnerable code is present in the “Edit Profile” page of the plugin. When a user tries to edit their profile, the code below is displayed: {{ form_action('/edit/'+current_user.uid+'/'+$('#profileName').val)+' | markdown }} When a user pastes malicious code in the “Name” field, this code is executed: {{ form_action('/edit/'+current_user.uid+'/'+$('#profileName').val)+' | markdown }} An attacker can inject malicious code in the “Name” field and gain access to the user’s account by using the “edit” function on the ProfileGrid plugin. This occurs due to input validation issues in the “Name” field of the ProfileGrid plugin. Exploitation of this issue may be done by injecting malicious code in the “Name” field of the ProfileGrid plugin, and then using the “edit” function to log into the WordPress site. Reported by Peter Ge. Vulnerable versions: = 5.1.6 ________________________________ In previous release announcement, WordPress announced that this vulnerability was fixed with version 5.1.6

Products and Technologies: ProfileGrid

The ProfileGrid plugin is a group of plugins that allow users to build their own profile grids. It allows users to share their personal information and embed it on their website or blog. The product’s default settings are vulnerable to XSS attacks because they do not validate input data received from the user. An attacker can use this vulnerability to execute malicious code in the “Name” field of the ProfileGrid plugin, which would then allow them to access the WordPress site. Reported by Peter Ge ________________________________ In the previous release announcement, WordPress announced the following changes in version 5.1.6: - Updated default plugin settings for ProfileGrid, including the value for the “WP Cron” setting, which now defaults to “Frequency”. - Fixed an issue where users who entered invalid authentication credentials would get logged out after using the “Delete User” feature

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe