Report
The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.7.6 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
Score:4.3
Severity:Medium
Version: 5.7.6
There is a patch available in v5.7.7 and we strongly recommend you update to this version as soon as possible.
