This vulnerability in Metagauss ProfileGrid (profilegrid-user-profiles-groups-and-communities) is due to missing authorization controls, affecting all versions up to and including 5.9.3. The weakness allows an unauthenticated attacker to perform actions that should require authorization, resulting in limited integrity impact without affecting confidentiality or availability. The CVSS 3.1 vector is AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N, reflecting network attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, no confidentiality or availability impact, and limited integrity impact. No patch or mitigation details are provided in the available data.

The vulnerability allows unauthorized users to perform certain actions that should be restricted, causing limited integrity impact. There is no impact on confidentiality or availability reported. No known exploitation in the wild has been observed.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch or official fix information is provided, users should monitor vendor communications for updates. Until a fix is available, consider restricting access to the affected ProfileGrid installations and applying any available workarounds recommended by the vendor.