cleantalk
Vulnerabilities and Security Researches

ProfileGrid – User Profiles, Memberships, Groups and Communities, CVE-2024-13741

CVE, Research URL

CVE-2024-13741

Home page URL

Security reports for ProfileGrid – User Profiles, Memberships, Groups and Communities

Application

ProfileGrid – User Profiles, Memberships, Groups and Communities

Published on
Feb 18, 2025
Research Description
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Limited Server-Side Request Forgery in all versions up to, and including, 5.9.4.2 via the pm_upload_image function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to download and view images, as well as validating if a non-image file exists, both on local or remote hosts.
Affected versions
Min -, max 5.9.4.3.
Status
vulnerable
Previous vulnerability researches
Clever Addons for Elementor (CVE-2024-43324) , Aug 20, 2024
Clever Addons for Elementor (CVE-2024-10357) , Oct 27, 2024
Clever Addons for Elementor (CVE-2024-51580) , Nov 04, 2024
Clever Addons for Elementor (CVE-2024-2350) , Jun 07, 2024
Clever Addons for Elementor (CVE-2021-24273) , Jun 07, 2024
New vulnerability
TablePress – Tables in WordPress made easy (CVE-2024-45293) , May 07, 2025
Newsletter – Send awesome emails from WordPress (CVE-2025-3583) , May 07, 2025
Insert PHP Code Snippet (CVE-2024-43275) , May 07, 2025
Gutenverse – Gutenberg Blocks – Page Builder for Site Editor (CVE-2024-38785) , May 07, 2025
Section Widget (CVE-2025-46537) , May 07, 2025