2023-07-18 02:39:25
Wordfence
PUBLISHED
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_upload_csv function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permissions or above to import new users and update existing users.