Back to CVE List

CVE-2026-11359

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
4.3 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Vulnerability Description

The Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration plugin for WordPress is vulnerable to unauthorized plugin installation and activation in versions up to, and including, 3.4. This is due to a missing capability check and missing nonce validation on the pg_install_profilegrid() AJAX handler registered via wp_ajax_pg_install_profilegrid. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate the ProfileGrid plugin from wordpress.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-862
Source
NVD
Vendor
metagauss
Product
Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration

External References

Discussion (0)

Add Comment

No comments yet. Be the first!