Lucene search
K

163 matches found

NVD
NVD
added yesterday3 views

CVE-2026-11359

The Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration plugin for WordPress is vulnerable to unauthorized plugin installation and activation in versions up to, and including, 3.4. This is due to a missing capability check and missing nonce validation on the...

4.3CVSS0.00246EPSS
Exploits0References5
EUVD
EUVD
added yesterday5 views

EUVD-2026-42541

The Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration plugin for WordPress is vulnerable to unauthorized plugin installation and activation in versions up to, and including, 3.4. This is due to a missing capability check and missing nonce validation on the...

4.3CVSS5.9AI score0.00246EPSS
Exploits0References5
CVE
CVE
added yesterday8 views

CVE-2026-11359

The CVE-2026-11359 entry relates to the Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration plugin for WordPress. Affected versions up to 3.4 are vulnerable due to missing capability checks and nonce validation in the pg_install_profilegrid() AJAX handler (wp_ajax_...

4.3CVSS5.9AI score0.00246EPSS
Exploits0References5
Cvelist
Cvelist
added yesterday19 views

CVE-2026-11359 Memberships and User Profiles for WooCommerce <= 3.4 - Missing Authorization to Authenticated (Subscriber+) ProfileGrid Plugin Installation and Activation

The Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration plugin for WordPress is vulnerable to unauthorized plugin installation and activation in versions up to, and including, 3.4. This is due to a missing capability check and missing nonce validation on the...

4.3CVSS0.00246EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/07/02 9:14 a.m.4 views

WordPress ProfileGrid plugin <= 5.9.9.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by dodoh4t in WordPress Plugin ProfileGrid versions = 5.9.9.8...

8.8CVSS5.9AI score0.00142EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/30 8:59 a.m.7 views

WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 5.9.9.5 - User Profiles, Groups and Communities <= 5.9.9.5 - Unauthenticated Privilege Escalation vulnerability

User Profiles, Groups and Communities plugin = 5.9.9.5 - User Profiles, Groups and Communities = 5.9.9.5 - Unauthenticated Privilege Escalation vulnerability discovered by Ivan Kuzymchak - Wordfence in WordPress Plugin ProfileGrid versions = 5.9.9.5...

9.8CVSS5.8AI score0.0031EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/30 6:16 a.m.9 views

CVE-2026-12073

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.9.9.5. This is due to the plugin not validating a userlogin on registration forms that don't contain this parameter, and...

9.8CVSS0.0031EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/30 5:34 a.m.6 views

EUVD-2026-40254

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.9.9.5. This is due to the plugin not validating a userlogin on registration forms that don't contain this parameter, and...

9.8CVSS5.8AI score0.0031EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 5:34 a.m.23 views

CVE-2026-12073

CVE-2026-12073 affects the ProfileGrid – User Profiles, Groups and Communities plugin for WordPress (versions ≤ 5.9.9.5). The root cause is the plugin not validating a user_login on some registration forms and mishandling errors, enabling unauthenticated attackers to overwrite the email of the ad...

9.8CVSS5.8AI score0.0031EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-53809

Name of the Vulnerable Software and Affected Versions ProfileGrid – User Profiles, Groups and Communities versions prior to 5.9.9.6 Description An issue allows unauthenticated attackers to perform privilege escalation via account takeover. The flaw exists because the plugin fails to validate the...

9.8CVSS6AI score0.0031EPSS
Exploits0References10
Patchstack
Patchstack
added 2026/06/24 12:19 p.m.8 views

WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 5.9.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Jonah Burgess CryptoCat in WordPress Plugin ProfileGrid versions = 5.9.9.2...

6.4CVSS5.8AI score0.00201EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/23 1:16 p.m.10 views

CVE-2026-4610

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pmauthormessage' parameter in the pmsendmessagetoauthor function in all versions up to, and including, 5.9.9.2 due to insufficient input sanitization and output...

6.4CVSS0.00201EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/23 12:32 p.m.37 views

CVE-2026-4610 ProfileGrid <= 5.9.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Message Content

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pmauthormessage' parameter in the pmsendmessagetoauthor function in all versions up to, and including, 5.9.9.2 due to insufficient input sanitization and output...

6.4CVSS0.00201EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.9 views

CVE-2026-4608

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind SQL Injection via the 'rid' parameter in all versions up to, and including, 5.9.8.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...

6.5CVSS5.7AI score0.00269EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 1:27 p.m.51 views

CVE-2026-4609 ProfileGrid <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Group Joining

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the pminviteuser function in all versions up to, and including, 5.9.8.4. This makes it possible for authenticated attackers, with Subscriber-level...

7.1CVSS0.00219EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/13 1:27 p.m.8 views

CVE-2026-4607

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.8.4. This is due to the plugin not properly verifying that a user is authorized to perform an action via the pmsetgrouporder, pmsetgroupitem...

4.3CVSS5.8AI score0.00234EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/13 1:27 p.m.5 views

CVE-2026-4609

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the pminviteuser function in all versions up to, and including, 5.9.8.4. This makes it possible for authenticated attackers, with Subscriber-level...

7.1CVSS5.8AI score0.00219EPSS
Exploits0References5
CVE
CVE
added 2026/05/13 1:27 p.m.19 views

CVE-2026-4608

CVE-2026-4608 affects the WordPress ProfileGrid – User Profiles, Groups and Communities plugin (versions up to and including 5.9.8.4). It describes a blind SQL Injection via the rid parameter, caused by insufficient escaping of user input and inadequate query preparation, allowing authenticated a...

6.5CVSS5.9AI score0.00269EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/13 1:27 p.m.57 views

CVE-2026-4608 ProfileGrid <= 5.9.8.4 - Authenticated (Subscriber+) SQL Injection via 'rid' Parameter

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind SQL Injection via the 'rid' parameter in all versions up to, and including, 5.9.8.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...

6.5CVSS0.00269EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/13 1:27 p.m.5 views

CVE-2026-4608

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind SQL Injection via the 'rid' parameter in all versions up to, and including, 5.9.8.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...

6.5CVSS5.9AI score0.00269EPSS
Exploits0References7
Rows per page
Query Builder