159 matches found
EUVD-2025-206868
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized user suspension due to a missing capability check on the pmdeactivateuserfromgroup function in all versions up to, and including, 5.9.7.2. This makes it possible for authenticated attackers,...
CVE-2025-13416 ProfileGrid – User Profiles, Groups and Communities <= 5.9.7.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Suspension
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized user suspension due to a missing capability check on the pmdeactivateuserfromgroup function in all versions up to, and including, 5.9.7.2. This makes it possible for authenticated attackers,...
CVE-2025-13416
The CVE-2025-13416 relates to the ProfileGrid – User Profiles, Groups and Communities WordPress plugin. Affected versions are all up to and including 5.9.7.2. Root cause: missing capability check in the pm_deactivate_user_from_group() function, enabling authenticated users with Subscriber-level a...
ProfileGrid <= 5.7.8 - SQL Injection
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.7.8 due to insufficient escaping on the user supplied 'search' parameter and lack of sufficient preparation on the existing SQL query. id: CVE-2024-30490...
PT-2026-6034
Name of the Vulnerable Software and Affected Versions ProfileGrid – User Profiles, Groups and Communities plugin for WordPress versions through 5.9.7.2 Description The ProfileGrid plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This is due to the update user meta...
PT-2026-5876
Name of the Vulnerable Software and Affected Versions ProfileGrid – User Profiles, Groups and Communities plugin for WordPress versions through 5.9.7.2 Description The ProfileGrid plugin for WordPress is susceptible to unauthorized user suspension. This occurs because of a missing capability chec...
CVE-2022-0233
The ProfileGrid – User Profiles, Memberships, Groups and Communities WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the pmuseravatar and pmcoverimage parameters found in the /admin/class-profile-magic-admin.php file which allows attackers with...
WordPress ProfileGrid plugin <= 5.9.4.4 - Missing Authorinzation to Authenticated (Subscriber+) Join Group Requests Management vulnerability
Missing Authorinzation to Authenticated Subscriber+ Join Group Requests Management vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin ProfileGrid versions = 5.9.4.4...
EUVD-2024-49438
Malicious code in bioql PyPI...
EUVD-2022-15429
Malicious code in bioql PyPI...
EUVD-2023-44071
Malicious code in bioql PyPI...
EUVD-2025-4859
Malicious code in bioql PyPI...
EUVD-2024-47514
Malicious code in bioql PyPI...
EUVD-2022-44960
Malicious code in bioql PyPI...
EUVD-2024-46670
Malicious code in bioql PyPI...
EUVD-2023-44349
Malicious code in bioql PyPI...
EUVD-2023-44070
Malicious code in bioql PyPI...
CVE-2025-4957 WordPress ProfileGrid plugin <= 5.9.5.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Reflected XSS.This issue affects ProfileGrid : from n/a through = 5.9.5.7...
WordPress ProfileGrid plugin <= 5.9.5.7 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Mohammed Ahmed Abd Elnabi in WordPress Plugin ProfileGrid versions = 5.9.5.7...
WordPress plugin ProfileGrid SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...