← back
CVE-2019-15873

CVE-2019-15873

EPSS 3.9%
The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pm_template_preview&html=<?php substring followed by PHP code.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wordpress.org/plugins/profilegrid-user-profiles-groups-and-communities/#developershttps://wpvulndb.com/vulnerabilities/9086