CVE-2023-3714

Name of the Vulnerable Software and Affected Versions ProfileGrid plugin for WordPress versions up to, and including, 5.5.2

Description The issue is related to a missing capability check on the 'edit group' handler, allowing authenticated attackers with group ownership to update group options, including the associate role parameter, which defines the member's role. This makes it possible for attackers to modify data without proper authorization.

Recommendations For versions up to, and including, 5.5.2, update to version 5.5.3 to fully patch the issue. As a temporary workaround, consider restricting access to the 'edit group' handler for users with group ownership until the update is applied.