Vulnerability Details : CVE-2023-3404
The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. This is due to the passphrase and iv being hardcoded in the 'pm_encrypt_decrypt_pass' function and used across all sites running the plugin. This makes it possible for authenticated attackers, with administrator-level permissions or above to decrypt and view users' passwords. If combined with another vulnerability, this can potentially grant lower-privileged users access to users' passwords.
Products affected by CVE-2023-3404
- cpe:2.3:a:metagauss:profilegrid:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-3404
0.21%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 43 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-3404
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.9
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
1.2
|
3.6
|
Wordfence |
CWE ids for CVE-2023-3404
-
The product uses a hard-coded, unchangeable cryptographic key.Assigned by: security@wordfence.com (Primary)
References for CVE-2023-3404
-
https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/tags/5.4.8/includes/class-profile-magic-request.php#L325
class-profile-magic-request.php in profilegrid-user-profiles-groups-and-communities/tags/5.4.8/includes – WordPress Plugin RepositoryPatch
-
https://plugins.trac.wordpress.org/changeset/2936383/profilegrid-user-profiles-groups-and-communities#file475
Changeset 2936383 for profilegrid-user-profiles-groups-and-communities – WordPress Plugin RepositoryPatch
-
https://www.wordfence.com/threat-intel/vulnerabilities/id/6d490bfb-6560-428e-ad91-0f8d8bc9b1f2?source=cve
ProfileGrid <= 5.5.0 - Hardcoded Encryption KeyThird Party Advisory
Jump to