Lucene search
K

540 matches found

Nuclei
Nuclei
added 15 hours ago65 views

WordPress ProfileGrid <5.1.1 - Cross-Site Scripting

WordPress ProfileGrid plugin prior to 5.1.1 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site...

6.1CVSS6.5AI score0.00946EPSS
Exploits1References4
NVD
NVD
added 2 days ago4 views

CVE-2026-57697

Authentication Bypass Using an Alternate Path or Channel vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Password Recovery Exploitation.This issue affects ProfileGrid : from n/a through = 5.9.9.6...

7.5CVSS0.00329EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-57697 WordPress ProfileGrid plugin <= 5.9.9.6 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Password Recovery Exploitation.This issue affects ProfileGrid : from n/a through = 5.9.9.6...

7.5CVSS0.00329EPSS
Exploits0References1
CVE
CVE
added 2 days ago10 views

CVE-2026-57697

The CVE-2026-57697 entry concerns the WordPress ProfileGrid plugin (Metagauss) ≤ 5.9.9.6, where an Authentication Bypass via an Alternate Path or Channel allows Password Recovery Exploitation. The NVD entries describe a vulnerable component (ProfileGrid) with a base score of 7.5 (HIGH) per CVSS 3...

7.5CVSS6.1AI score0.00329EPSS
Exploits0References1
NVD
NVD
added 6 days ago5 views

CVE-2026-11359

The Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration plugin for WordPress is vulnerable to unauthorized plugin installation and activation in versions up to, and including, 3.4. This is due to a missing capability check and missing nonce validation on the...

4.3CVSS0.00246EPSS
Exploits0References5
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42541

The Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration plugin for WordPress is vulnerable to unauthorized plugin installation and activation in versions up to, and including, 3.4. This is due to a missing capability check and missing nonce validation on the...

4.3CVSS5.9AI score0.00246EPSS
Exploits0References5
CVE
CVE
added 6 days ago10 views

CVE-2026-11359

The CVE-2026-11359 entry relates to the Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration plugin for WordPress. Affected versions up to 3.4 are vulnerable due to missing capability checks and nonce validation in the pg_install_profilegrid() AJAX handler (wp_ajax_...

4.3CVSS5.9AI score0.00246EPSS
Exploits0References5
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-11359 Memberships and User Profiles for WooCommerce <= 3.4 - Missing Authorization to Authenticated (Subscriber+) ProfileGrid Plugin Installation and Activation

The Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration plugin for WordPress is vulnerable to unauthorized plugin installation and activation in versions up to, and including, 3.4. This is due to a missing capability check and missing nonce validation on the...

4.3CVSS0.00246EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/07/08 2:1 p.m.5 views

WordPress ProfileGrid plugin <= 5.9.9.6 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Jakub Herman in WordPress Plugin ProfileGrid versions = 5.9.9.6...

7.5CVSS6.1AI score0.00329EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/07/02 12:17 p.m.11 views

CVE-2026-57759

Unauthenticated Cross Site Request Forgery CSRF in ProfileGrid = 5.9.9.7 versions...

8.8CVSS0.00142EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:16 a.m.37 views

CVE-2026-57759 WordPress ProfileGrid plugin <= 5.9.9.7 - CSRF to Account Takeover vulnerability

Unauthenticated Cross Site Request Forgery CSRF in ProfileGrid = 5.9.9.7 versions...

8.8CVSS0.00142EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:16 a.m.18 views

CVE-2026-57759

CVE-2026-57759: Unauthenticated CSRF in WordPress ProfileGrid plugin (versions

8.8CVSS5.8AI score0.00142EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/02 11:16 a.m.9 views

EUVD-2026-41315

Unauthenticated Cross Site Request Forgery CSRF in ProfileGrid = 5.9.9.7 versions...

8.8CVSS5.8AI score0.00142EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:16 a.m.9 views

CVE-2026-57759

Unauthenticated Cross Site Request Forgery CSRF in ProfileGrid = 5.9.9.7 versions...

8.8CVSS5.8AI score0.00142EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/07/02 9:14 a.m.5 views

WordPress ProfileGrid plugin <= 5.9.9.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by dodoh4t in WordPress Plugin ProfileGrid versions = 5.9.9.9...

8.8CVSS6.1AI score0.00142EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.12 views

PT-2026-55047

Name of the Vulnerable Software and Affected Versions ProfileGrid versions prior to 5.9.9.8 Description An unauthenticated Cross Site Request Forgery CSRF issue exists, which could lead to account takeover. CSRF is a flaw that allows an attacker to trick a victim into performing actions they did...

8.8CVSS6AI score0.00142EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/06/30 8:59 a.m.8 views

WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 5.9.9.5 - User Profiles, Groups and Communities <= 5.9.9.5 - Unauthenticated Privilege Escalation vulnerability

User Profiles, Groups and Communities plugin = 5.9.9.5 - User Profiles, Groups and Communities = 5.9.9.5 - Unauthenticated Privilege Escalation vulnerability discovered by Ivan Kuzymchak - Wordfence in WordPress Plugin ProfileGrid versions = 5.9.9.5...

9.8CVSS5.8AI score0.0031EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/30 6:16 a.m.10 views

CVE-2026-12073

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.9.9.5. This is due to the plugin not validating a userlogin on registration forms that don't contain this parameter, and...

9.8CVSS0.0031EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/30 5:34 a.m.6 views

EUVD-2026-40254

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.9.9.5. This is due to the plugin not validating a userlogin on registration forms that don't contain this parameter, and...

9.8CVSS5.8AI score0.0031EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 5:34 a.m.26 views

CVE-2026-12073

CVE-2026-12073 affects the ProfileGrid – User Profiles, Groups and Communities plugin for WordPress (versions ≤ 5.9.9.5). The root cause is the plugin not validating a user_login on some registration forms and mishandling errors, enabling unauthenticated attackers to overwrite the email of the ad...

9.8CVSS5.8AI score0.0031EPSS
Exploits0References2
Rows per page
Query Builder