Browse all 3 CVE security advisories affecting profilegrid. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Profilegrid is a talent management platform designed for recruitment and HR operations, handling sensitive candidate and employee data. Historically, the system has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from improper input validation and access control weaknesses. While no major public security incidents have been widely reported, the three documented CVEs highlight ongoing security concerns in areas such as API endpoints and user authentication mechanisms. Organizations implementing Profilegrid should ensure timely patching and conduct regular security assessments to mitigate risks associated with these common vulnerability classes.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-36352 | WordPress ProfileGrid Plugin <= 5.0.3 is vulnerable to Broken Access Control — ProfileGrid – User Profiles, Memberships, Groups and Communities (CWE-862) | 6.3 | Medium | 2024-01-08 |
| CVE-2023-47644 | WordPress ProfileGrid Plugin <= 5.6.6 is vulnerable to Cross Site Request Forgery (CSRF) — ProfileGrid – User Profiles, Memberships, Groups and Communities (CWE-352) | 5.4 | Medium | 2023-11-18 |
| CVE-2022-41791 | WordPress ProfileGrid plugin <= 5.1.6 - Auth. CSV Injection vulnerability — ProfileGrid (WordPress plugin) | 6.8 | Medium | 2022-11-17 |

This page lists every published CVE security advisory associated with profilegrid. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.