Lucene search
K

531 matches found

NVD
NVD
added 2026/02/05 9:15 a.m.8 views

CVE-2025-13416

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized user suspension due to a missing capability check on the pmdeactivateuserfromgroup function in all versions up to, and including, 5.9.7.2. This makes it possible for authenticated attackers,...

4.3CVSS0.00282EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/05 9:13 a.m.3 views

CVE-2026-1271

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.7.2 via the 'pmuploadimage' and 'pmuploadcoverimage' AJAX actions. This is due to the updateusermeta function being called outsi...

5.3CVSS5.4AI score0.00315EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/02/05 9:13 a.m.28 views

CVE-2026-1271 ProfileGrid <= 5.9.7.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Profile and Cover Image Modification

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.7.2 via the 'pmuploadimage' and 'pmuploadcoverimage' AJAX actions. This is due to the updateusermeta function being called outsi...

5.3CVSS0.00315EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/02/05 9:13 a.m.10 views

CVE-2026-1271 ProfileGrid <= 5.9.7.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Profile and Cover Image Modification

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.7.2 via the 'pmuploadimage' and 'pmuploadcoverimage' AJAX actions. This is due to the updateusermeta function being called outsi...

5.3CVSS5.4AI score0.00315EPSS
Exploits0References6
CVE
CVE
added 2026/02/05 9:13 a.m.17 views

CVE-2026-1271

The CVE concerns the ProfileGrid – User Profiles, Groups and Communities WordPress plugin. It affects all versions up to 5.9.7.2 and enables Insecure Direct Object Reference via the pm_upload_image and pm_upload_cover_image AJAX actions. The root cause is update_user_meta() being called outside t...

5.3CVSS5.3AI score0.00315EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/02/05 8:25 a.m.5 views

CVE-2025-13416 ProfileGrid – User Profiles, Groups and Communities <= 5.9.7.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Suspension

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized user suspension due to a missing capability check on the pmdeactivateuserfromgroup function in all versions up to, and including, 5.9.7.2. This makes it possible for authenticated attackers,...

4.3CVSS5.5AI score0.00282EPSS
Exploits0References4
CVE
CVE
added 2026/02/05 8:25 a.m.31 views

CVE-2025-13416

The CVE-2025-13416 relates to the ProfileGrid – User Profiles, Groups and Communities WordPress plugin. Affected versions are all up to and including 5.9.7.2. Root cause: missing capability check in the pm_deactivate_user_from_group() function, enabling authenticated users with Subscriber-level a...

4.3CVSS5.5AI score0.00282EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/05 8:25 a.m.33 views

CVE-2025-13416 ProfileGrid – User Profiles, Groups and Communities <= 5.9.7.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Suspension

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized user suspension due to a missing capability check on the pmdeactivateuserfromgroup function in all versions up to, and including, 5.9.7.2. This makes it possible for authenticated attackers,...

4.3CVSS0.00282EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/05 8:25 a.m.6 views

EUVD-2025-206868

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized user suspension due to a missing capability check on the pmdeactivateuserfromgroup function in all versions up to, and including, 5.9.7.2. This makes it possible for authenticated attackers,...

4.3CVSS5.5AI score0.00282EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/05 8:25 a.m.5 views

CVE-2025-13416

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized user suspension due to a missing capability check on the pmdeactivateuserfromgroup function in all versions up to, and including, 5.9.7.2. This makes it possible for authenticated attackers,...

4.3CVSS5.5AI score0.00282EPSS
Exploits0References5
Nuclei
Nuclei
added 2026/02/05 7:9 a.m.11 views

ProfileGrid <= 5.7.8 - SQL Injection

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.7.8 due to insufficient escaping on the user supplied 'search' parameter and lack of sufficient preparation on the existing SQL query. id: CVE-2024-30490...

9.8CVSS8.6AI score0.02267EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.4 views

PT-2026-6034

Name of the Vulnerable Software and Affected Versions ProfileGrid – User Profiles, Groups and Communities plugin for WordPress versions through 5.9.7.2 Description The ProfileGrid plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This is due to the update user meta...

5.3CVSS5.4AI score0.00315EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/02/05 12:0 a.m.7 views

WordPress plugin ProfileGrid 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

5.3CVSS5.8AI score0.00315EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.14 views

PT-2026-5876

Name of the Vulnerable Software and Affected Versions ProfileGrid – User Profiles, Groups and Communities plugin for WordPress versions through 5.9.7.2 Description The ProfileGrid plugin for WordPress is susceptible to unauthorized user suspension. This occurs because of a missing capability chec...

4.3CVSS5.5AI score0.00282EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/02/05 12:0 a.m.7 views

WordPress plugin ProfileGrid – User Profiles, Groups and Communities 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00282EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/02/04 10:53 p.m.7 views

WordPress ProfileGrid plugin <= 5.9.7.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Profile and Cover Image Modification vulnerability

Insecure Direct Object Reference to Authenticated Subscriber+ Arbitrary User Profile and Cover Image Modification vulnerability discovered by knani alaaeddine iwd in WordPress Plugin ProfileGrid versions = 5.9.7.2...

5.3CVSS5.4AI score0.00315EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/04 10:50 p.m.8 views

WordPress ProfileGrid - User Profiles, Groups and Communities plugin <= 5.9.7.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Suspension vulnerability

WordPress ProfileGrid - User Profiles, Groups and Communities plugin = 5.9.7.2 - Missing Authorization to Authenticated Subscriber+ Arbitrary User Suspension vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin ProfileGrid versions = 5.9.7.2...

4.3CVSS5.4AI score0.00282EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 9:12 a.m.8 views

CVE-2022-0233

The ProfileGrid – User Profiles, Memberships, Groups and Communities WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the pmuseravatar and pmcoverimage parameters found in the /admin/class-profile-magic-admin.php file which allows attackers with...

6.4CVSS5.7AI score0.009EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:17 a.m.19 views

CVE-2025-1408

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdeclinejoingrouprequest and pmapprovejoingrouprequest functions in all versions up to, and including, 5.9.4.4. This makes it...

4.3CVSS6.5AI score0.00276EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress ProfileGrid plugin <= 5.9.4.5 - Authenticated (Subscriber+) PHP Object Injection vulnerability

Authenticated Subscriber+ PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin ProfileGrid versions = 5.9.4.5...

8.8CVSS7.3AI score0.00561EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder