VYPR
Unrated severity · NVD Advisory · Published Mar 20, 2023 · Updated Feb 26, 2025

ProfileGrid < 5.3.1 - Subscriber+ Arbitrary Password Reset

CVE-2023-0940

Description

The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoint for resetting a user password but does not implement proper authorization. This allows a user with low privileges, such as a subscriber, to change the password of any account, including Administrator accounts.
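
The control the description says is missing, as an added example that is not ProfileGrid's code or its 5.3.1 patch: a WordPress AJAX password-change handler that verifies a nonce and checks the `edit_user` capability against the target account before calling `wp_set_password()`. The action name `example_change_password`, the nonce name and the POST field names are hypothetical.

```php
<?php
// Added example: hypothetical plugin code, not ProfileGrid's handler.
// The action name, nonce name and POST fields below are assumptions.

// Register for logged-in users only; no wp_ajax_nopriv_ hook is added.
add_action( 'wp_ajax_example_change_password', 'example_change_password' );

function example_change_password() {
    // 1. CSRF protection: stop unless the request carries a valid nonce
    //    that was issued for this specific action.
    check_ajax_referer( 'example_change_password', 'nonce' );

    // 2. Resolve the account the request wants to modify.
    $target_id = isset( $_POST['user_id'] ) ? absint( $_POST['user_id'] ) : 0;
    if ( ! $target_id || ! get_userdata( $target_id ) ) {
        wp_send_json_error( array( 'message' => 'Unknown user.' ), 404 );
    }

    // 3. Authorization: being logged in is not enough. WordPress maps
    //    'edit_user' so that a user may edit their own account, while
    //    editing another account requires the 'edit_users' capability.
    //    A subscriber therefore fails this check for any other user id.
    if ( ! current_user_can( 'edit_user', $target_id ) ) {
        wp_send_json_error( array( 'message' => 'Not allowed.' ), 403 );
    }

    // 4. Validate the new password before touching the account.
    $new_password = isset( $_POST['new_password'] )
        ? (string) wp_unslash( $_POST['new_password'] )
        : '';
    if ( strlen( $new_password ) < 12 ) {
        wp_send_json_error( array( 'message' => 'Password too short.' ), 400 );
    }

    // 5. Only now change the password of the authorized target.
    wp_set_password( $new_password, $target_id );
    wp_send_json_success( array( 'message' => 'Password updated.' ) );
}
```

The `wp_ajax_` hook only guarantees that the caller is logged in, so step 3 is the check that separates a subscriber changing their own password from a subscriber changing an administrator's.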
