{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-1408", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-02-17T22:08:23.306Z", "datePublished": "2025-03-22T04:22:05.850Z", "dateUpdated": "2026-04-08T16:57:29.054Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:57:29.054Z"}, "affected": [{"vendor": "metagauss", "product": "ProfileGrid \u2013 User Profiles, Groups and Communities", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "5.9.4.4", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The ProfileGrid \u2013 User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_decline_join_group_request and pm_approve_join_group_request functions in all versions up to, and including, 5.9.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to approve or decline join group requests which is normally should be available to administrators only."}], "title": "ProfileGrid \u2013 User Profiles, Groups and Communities <= 5.9.4.4 - Missing Authorinzation to Authenticated (Subscriber+) Join Group Requests Management", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/641f7727-83ba-45c2-b3e1-1ce19f86eac7?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/tags/5.9.4.3/public/class-profile-magic-public.php#L3306"}, {"url": "https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/tags/5.9.4.3/public/class-profile-magic-public.php#L3262"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Nguyen Tan Phat"}], "timeline": [{"time": "2025-02-16T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2025-03-21T16:15:56.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-24T14:51:49.445536Z", "id": "CVE-2025-1408", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-24T15:14:06.836Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1408", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-24T14:51:49.445536Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-24T14:51:51.203Z"}}], "cna": {"title": "ProfileGrid \u2013 User Profiles, Groups and Communities <= 5.9.4.4 - Missing Authorinzation to Authenticated (Subscriber+) Join Group Requests Management", "credits": [{"lang": "en", "type": "finder", "value": "Nguyen Tan Phat"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "metagauss", "product": "ProfileGrid \u2013 User Profiles, Groups and Communities", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "5.9.4.4"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-02-16T00:00:00.000Z", "value": "Discovered"}, {"lang": "en", "time": "2025-03-21T16:15:56.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/641f7727-83ba-45c2-b3e1-1ce19f86eac7?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/tags/5.9.4.3/public/class-profile-magic-public.php#L3306"}, {"url": "https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/tags/5.9.4.3/public/class-profile-magic-public.php#L3262"}], "descriptions": [{"lang": "en", "value": "The ProfileGrid \u2013 User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_decline_join_group_request and pm_approve_join_group_request functions in all versions up to, and including, 5.9.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to approve or decline join group requests which is normally should be available to administrators only."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:57:29.054Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1408", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:57:29.054Z", "dateReserved": "2025-02-17T22:08:23.306Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-03-22T04:22:05.850Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:metagauss:profilegrid:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "74FDCDFC-5D11-423A-971F-929E1295C163", "versionEndExcluding": "5.9.4.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The ProfileGrid \u2013 User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_decline_join_group_request and pm_approve_join_group_request functions in all versions up to, and including, 5.9.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to approve or decline join group requests which is normally should be available to administrators only."}, {"lang": "es", "value": "El complemento ProfileGrid \u2013 User Profiles, Groups and Communities para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos debido a la falta de comprobaci\u00f3n de las funciones pm_decline_join_group_request y pm_approve_join_group_request en todas las versiones hasta la 5.9.4.4 incluida. Esto permite que atacantes autenticados, con acceso de suscriptor o superior, aprueben o rechacen solicitudes de ingreso a grupos, lo cual normalmente deber\u00eda estar disponible solo para administradores."}], "id": "CVE-2025-1408", "lastModified": "2025-03-27T00:38:34.650", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2025-03-22T05:15:38.353", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/tags/5.9.4.3/public/class-profile-magic-public.php#L3262"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/tags/5.9.4.3/public/class-profile-magic-public.php#L3306"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/641f7727-83ba-45c2-b3e1-1ce19f86eac7?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T01:51:22.737823+00:00", "value": {"mitigation_remediation": ["Upgrade the ProfileGrid plugin to the latest stable version (5.9.4.5 or later) where the missing capability check has been implemented.", "If an immediate upgrade is not feasible, implement a temporary filter that blocks the pm_decline_join_group_request and pm_approve_join_group_request actions for all non\u2011administrator roles, thereby preventing unauthorized group\u2011join approvals or declines.", "Review the WordPress role capabilities and remove any custom or inherited capabilities that would allow Subscriber or lower roles to perform group\u2011management actions, ensuring that only administrators retain such privileges."], "summary": {"action": "Patch Now", "impact": "Privilege Escalation via Unauthorized Approval or Decline of Group Join Requests"}, "threat_synthesis": {"affected_systems": "The affected product is the ProfileGrid \u2013 User Profiles, Groups and Communities WordPress plugin, version 5.9.4.4 and earlier. The plugin is distributed by Metagauss and is installed on WordPress sites where group and community functionality is enabled.", "description_and_impact": "The vulnerability is a missing capability check in the pm_decline_join_group_request and pm_approve_join_group_request functions. As a result, users who possess only Subscriber-level access\u2014or any role equal to or higher than Subscriber\u2014can illegitimately approve or decline requests to join a group. This allows an authenticated attacker to alter group membership, bypassing administrative controls and potentially granting themselves or others membership to groups they should not belong to, thereby affecting community integrity and privacy.", "risk_and_exploitability": "The CVSS score of 4.3 indicates moderate severity, while the EPSS score of less than 1% suggests a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, implying no publicly known active exploitation. Because the flaw requires an authenticated user, the attack vector is limited to authenticated access (Subscriber or above) and does not necessitate remote code execution or network-level attacks."}}}}, "created": "2026-04-22T02:00:05.037762+00:00", "updated": "2026-04-22T02:00:05.037775+00:00", "vendors": []}