CVE-2022-3578

CVE-2022-3578: ProfileGrid < 5.1.1 - Reflected Cross-Site Scripting

Vendor Unknown

Product ProfileGrid – User Profiles, Memberships, Groups and Communities

Weakness CWE-79 · XSS

Published November 14, 2022

Last update April 30, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The ProfileGrid WordPress plugin before 5.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting

Key dates

02Disclosure timeline

November 14, 2022 CVE published

April 30, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-3578 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2015-10093 Mark User as Spammer Plugin plugin.php user_row_actions cross site scripting CVE-2023-24398 WordPress EZP Coming Soon Page Plugin <= 1.0.7.3 is vulnerable to Cross Site Scripting (XSS) CVE-2019-3769 CVE-2025-28878 WordPress Awesome Surveys plugin <= 2.0.10 - Cross Site Scripting (XSS) vulnerability CVE-2024-28237 OctoPrint XSS via the "Snapshot Test" feature in Classic Webcam plugin settings