CVE-2022-41791: WordPress ProfileGrid plugin <= 5.1.6 - Auth. CSV Injection vulnerability - Patchstack
Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin <= 5.1.6 on WordPress.
Verified
Not fixed
CVSS 3.1 score: 6.5 (Medium severity)
Monitoring: Not reported to be exploited
Software: ProfileGrid
Type: Plugin
Vulnerable versions: <= 5.1.6
Fixed in: N/A
PSID: 4012bcce8735
CVE ID: CVE-2022-41791
Classification: CSV Injection
OWASP Top 10: A1: Injection
Required privilege: Requires subscriber or higher role user authentication.
Credits: Mika (Patchstack Alliance)
Publicly disclosed: 2022-11-17
Details
Auth. CSV Injection vulnerability discovered by Mika (Patchstack Alliance) in the WordPress ProfileGrid plugin (versions <= 5.1.6).
Solution
No patched version available.
References