CVE-2026-4609 ProfileGrid <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Group Joining

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the pminviteuser function in all versions up to, and including, 5.9.8.4. This makes it possible for authenticated attackers, with Subscriber-level...

CVE-2026-4609

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the pminviteuser function in all versions up to, and including, 5.9.8.4. This makes it possible for authenticated attackers, with Subscriber-level...

CVE-2026-4607

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.8.4. This is due to the plugin not properly verifying that a user is authorized to perform an action via the pmsetgrouporder, pmsetgroupitem...

CVE-2026-4608

CVE-2026-4608 affects the WordPress ProfileGrid – User Profiles, Groups and Communities plugin (versions up to and including 5.9.8.4). It describes a blind SQL Injection via the rid parameter, caused by insufficient escaping of user input and inadequate query preparation, allowing authenticated a...

CVE-2026-4608 ProfileGrid <= 5.9.8.4 - Authenticated (Subscriber+) SQL Injection via 'rid' Parameter

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind SQL Injection via the 'rid' parameter in all versions up to, and including, 5.9.8.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...

CVE-2026-4608

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind SQL Injection via the 'rid' parameter in all versions up to, and including, 5.9.8.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...

WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Group Joining vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Group Joining vulnerability discovered by Jonah Burgess CryptoCat in WordPress Plugin ProfileGrid versions = 5.9.8.4...

PT-2026-40611

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the pm invite user function in all versions up to, and including, 5.9.8.4. This makes it possible for authenticated attackers, with Subscriber-lev...

PT-2026-40609

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.8.4. This is due to the plugin not properly verifying that a user is authorized to perform an action via the pm set group order, pm set grou...

WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Group Settings Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Group Settings Modification vulnerability discovered by Chawabhon Netisingha JNX03 in WordPress Plugin ProfileGrid versions = 5.9.8.4...

WordPress plugin ProfileGrid 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVE-2026-2494

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.8.2. This is due to missing nonce validation on the membership request management page approve and decline actions. This makes it...

CVE-2026-2488

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized message deletion due to a missing capability check on the pgdeletemsg function in all versions up to, and including, 5.9.8.1. This is due to the function not verifying that the requesting us...

EUVD-2026-10102

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.8.2. This is due to missing nonce validation on the membership request management page approve and decline actions. This makes it...

CVE-2026-2488

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized message deletion due to a missing capability check on the pgdeletemsg function in all versions up to, and including, 5.9.8.1. This is due to the function not verifying that the requesting us...

CVE-2026-2494

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.8.2. This is due to missing nonce validation on the membership request management page approve and decline actions. This makes it...

CVE-2026-2494

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.8.2. This is due to missing nonce validation on the membership request management page approve and decline actions. This makes it...

CVE-2026-2494 ProfileGrid <= 5.9.8.2 - Cross-Site Request Forgery to Group Membership Request Approval/Denial

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.8.2. This is due to missing nonce validation on the membership request management page approve and decline actions. This makes it...

CVE-2026-2494 ProfileGrid <= 5.9.8.2 - Cross-Site Request Forgery to Group Membership Request Approval/Denial

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.8.2. This is due to missing nonce validation on the membership request management page approve and decline actions. This makes it...

CVE-2026-2488

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized message deletion due to a missing capability check on the pgdeletemsg function in all versions up to, and including, 5.9.8.1. This is due to the function not verifying that the requesting us...