ThreatPress

WordPress Vulnerabilities Database

WordPress ProfileGrid Plugin <= 2.6.6 - Reflected Cross Site Scripting

Product
ProfileGrid
Description
A reflected cross-site scripting vulnerability was found in version 2.6.6 of the ProfileGrid plugin. The vulnerability exists in the file /admin/partials/user-manager.php, where some $_GET parameters are not escaped. For example: if(isset($_GET['search'])) echo $_GET['search']; …
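The unescaped echo described above, beside an escaped version, as an added example that is neither ProfileGrid's code nor the 2.6.7 patch, which this page does not show. It uses plain PHP so it runs outside WordPress; the function names and the sample request data are constructed for illustration.

```php
<?php
// Added illustration, not ProfileGrid's code; all function names are hypothetical.

// Pattern quoted in the advisory: the request value is written to the page as-is.
function search_echo_vulnerable(array $get)
{
    return isset($get['search']) ? $get['search'] : '';
}

// Escape for HTML text and quoted-attribute contexts; reject non-string input.
function search_escaped(array $get): string
{
    // ?search[]=x makes PHP deliver an array; treat that as "no search term".
    if (!isset($get['search']) || !is_string($get['search'])) {
        return '';
    }
    // ENT_QUOTES covers both quote styles so the value is safe inside value="...";
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($get['search'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed request data (not taken from the advisory).
$markup = ['search' => '"><b>constructed</b>'];
$array  = ['search' => ['constructed']];

$before = '<input name="search" value="' . search_echo_vulnerable($markup) . '">';
$after  = '<input name="search" value="' . search_escaped($markup) . '">';

// Unescaped: the attribute is closed early and the <b> element is parsed as markup.
echo $before, PHP_EOL;
// Escaped: quotes and angle brackets are emitted as entities inside the attribute.
echo $after, PHP_EOL;
// Array input is rejected, so nothing is written between the brackets.
echo '[', search_escaped($array), ']', PHP_EOL;
```

Inside WordPress, the core helpers esc_attr() and esc_html() do this escaping for attribute and text contexts respectively.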
Solution
Update the plugin.
Classification
Type XSS (Cross Site Scripting)
References
Pluginvulnerabilities
Changelog
CVE
Name CVE-N/A
Versions
Affected In <= 2.6.6
Fixed In 2.6.7
Disclosure date
2017-11-27
Credits
pluginvulnerabilities