CVE-2026-4608

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind SQL Injection via the 'rid' parameter in all versions up to, and including, 5.9.8.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...

EUVD-2026-29952

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.8.4. This is due to the plugin not properly verifying that a user is authorized to perform an action via the pmsetgrouporder, pmsetgroupitem...

WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Group Joining vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Group Joining vulnerability discovered by Jonah Burgess CryptoCat in WordPress Plugin ProfileGrid versions = 5.9.8.4...

WordPress plugin ProfileGrid 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Group Settings Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Group Settings Modification vulnerability discovered by Chawabhon Netisingha JNX03 in WordPress Plugin ProfileGrid versions = 5.9.8.4...