
28 matches found

Patchstack | added 2026/05/12 12:0 a.m. | 6 views

WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Group Settings Modification vulnerability

Missing Authorization to Authenticated (Subscriber+) Group Settings Modification vulnerability discovered by Chawabhon Netisingha JNX03 in WordPress Plugin ProfileGrid versions <= 5.9.8.4...

4.3 CVSS | 5.8 AI score | 0.00035 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist | added 2025/08/14 10:34 a.m. | 7 views

CVE-2025-49033 WordPress ProfileGrid plugin <= 5.9.5.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Blind SQL Injection. This issue affects ProfileGrid: from n/a through <= 5.9.5.3...

8.5 CVSS | 0.00063 EPSS
Exploits: 0 | References: 1

Vulnrichment | added 2025/07/16 11:27 a.m. | 2 views

CVE-2025-49876 WordPress ProfileGrid <= 5.9.5.2 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows SQL Injection. This issue affects ProfileGrid: from n/a through 5.9.5.2...

8.5 CVSS | 7.9 AI score | 0.00179 EPSS
Exploits: 0 | References: 1

Vulnrichment | added 2025/06/20 3:3 p.m. | 3 views

CVE-2025-52719 WordPress ProfileGrid plugin <= 5.9.5.2 - Full Path Disclosure (FPD) Vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Retrieve Embedded Sensitive Data. This issue affects ProfileGrid: from n/a through <= 5.9.5.2...

4.3 CVSS | 5.9 AI score | 0.00201 EPSS
Exploits: 0 | References: 1

Cvelist | added 2025/06/20 3:3 p.m. | 9 views

CVE-2025-52719 WordPress ProfileGrid plugin <= 5.9.5.2 - Full Path Disclosure (FPD) Vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Retrieve Embedded Sensitive Data. This issue affects ProfileGrid: from n/a through <= 5.9.5.2...

4.3 CVSS | 0.00201 EPSS
Exploits: 0 | References: 1

Patchstack | added 2025/06/12 7:47 p.m. | 6 views

WordPress ProfileGrid plugin <= 5.9.5.2 - Server Side Request Forgery (SSRF) Vulnerability

Server Side Request Forgery (SSRF) Vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin ProfileGrid versions <= 5.9.5.2...

4.9 CVSS | 6.7 AI score | 0.0012 EPSS
Exploits: 0 | Affected Software: 1

Cvelist | added 2025/05/23 12:43 p.m. | 12 views

CVE-2025-47478 WordPress ProfileGrid plugin <= 5.9.5.0 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows SQL Injection. This issue affects ProfileGrid: from n/a through <= 5.9.5.0...

8.5 CVSS | 0.00179 EPSS
Exploits: 0 | References: 1

Vulnrichment | added 2025/05/23 12:43 p.m. | 8 views

CVE-2025-47478 WordPress ProfileGrid <= 5.9.5.0 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows SQL Injection. This issue affects ProfileGrid: from n/a through 5.9.5.0...

8.5 CVSS | 8.8 AI score | 0.00179 EPSS
Exploits: 0 | References: 1

Cvelist | added 2025/05/16 3:45 p.m. | 15 views

CVE-2025-48079 WordPress ProfileGrid plugin <= 5.9.5.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ProfileGrid: from n/a through <= 5.9.5.1...

4.3 CVSS | 0.00168 EPSS
Exploits: 0 | References: 1

Vulnrichment | added 2025/05/16 3:45 p.m. | 8 views

CVE-2025-48079 WordPress ProfileGrid <= 5.9.5.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Metagauss ProfileGrid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ProfileGrid: from n/a through 5.9.5.1...

4.3 CVSS | 4.7 AI score | 0.00168 EPSS
Exploits: 0 | References: 1

Vulnrichment | added 2025/04/17 3:46 p.m. | 7 views

CVE-2025-39586 WordPress ProfileGrid <= 5.9.4.8 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows SQL Injection. This issue affects ProfileGrid: from n/a through 5.9.4.8...

8.5 CVSS | 7.6 AI score | 0.0016 EPSS
Exploits: 0 | References: 1

Cvelist | added 2025/03/03 1:30 p.m. | 14 views

CVE-2025-26999 WordPress ProfileGrid Plugin <= 5.9.4.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Object Injection. This issue affects ProfileGrid: from n/a through <= 5.9.4.3...

8.8 CVSS | 0.0025 EPSS
Exploits: 0 | References: 1

Patchstack | added 2024/11/19 12:0 a.m. | 16 views

WordPress ProfileGrid Plugin <= 5.9.3.6 is vulnerable to Broken Access Control

Software: ProfileGrid; Type: Plugin; Vulnerable versions: <= 5.9.3.6; Fixed in: 5.9.3.7; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-10900; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: e7fdd2a43e49; Credits: 1337Wannabe; Required...

8.1 CVSS | 6.5 AI score | 0.00189 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack | added 2024/09/26 12:0 a.m. | 9 views

WordPress ProfileGrid Plugin <= 5.9.3.2 is vulnerable to Cross Site Scripting (XSS)

Software: ProfileGrid; Type: Plugin; Vulnerable versions: <= 5.9.3.2; Fixed in: 5.9.3.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-8861; Patch priority: Low; CVSS severity: Low 6.5; PSID: 907c16cddd3d; Credits: Francesco Carlucci...

6.4 CVSS | 5.8 AI score | 0.00256 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack | added 2024/07/10 12:0 a.m. | 7 views

WordPress ProfileGrid Plugin <= 5.8.9 is vulnerable to Insecure Direct Object References (IDOR)

Software: ProfileGrid; Type: Plugin; Vulnerable versions: <= 5.8.9; Fixed in: 5.9.0; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-6410; Patch priority: Low; CVSS severity: Low 4.3; PSID: 7aa3e6febe27; Credits: Tieu Pham Trong...

4.3 CVSS | 6.5 AI score | 0.00209 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack | added 2024/07/09 12:0 a.m. | 14 views

WordPress ProfileGrid Plugin <= 5.8.9 is vulnerable to Privilege Escalation

Software: ProfileGrid; Type: Plugin; Vulnerable versions: <= 5.8.9; Fixed in: 5.9.0; OWASP Top 10: A1: Broken Access Control; Classification: Privilege Escalation; CVE: CVE-2024-6411; Patch priority: High; CVSS severity: High 8.8; PSID: f89fa5a9e660; Credits: Truoc Phan; Required privilege...

8.8 CVSS | 6.5 AI score | 0.00614 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack | added 2024/07/01 12:0 a.m. | 8 views

WordPress ProfileGrid Plugin <= 5.8.7 is vulnerable to Broken Access Control

Software: ProfileGrid; Type: Plugin; Vulnerable versions: <= 5.8.7; Fixed in: 5.8.8; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-37453; Patch priority: Low; CVSS severity: Low 4.3; PSID: a60b5a00ba24; Credits: Manab Jyoti Dowarah; Required...

8.8 CVSS | 6.3 AI score | 0.00316 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist | added 2024/05/17 9:37 a.m. | 23 views

CVE-2024-32774 WordPress ProfileGrid plugin <= 5.8.2 - Group Members Limit Bypass vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in Metagauss ProfileGrid allows Removing Important Client Functionality. This issue affects ProfileGrid: from n/a through 5.8.2...

4.3 CVSS | 4.7 AI score | 0.00369 EPSS
Exploits: 0 | References: 1

Patchstack | added 2024/04/08 12:0 a.m. | 8 views

WordPress ProfileGrid Plugin <= 5.7.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software: ProfileGrid; Type: Plugin; Vulnerable versions: <= 5.7.8; Fixed in: 5.7.9; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-31362; Patch priority: Low; CVSS severity: Low 4.3; PSID: 56f2b8a25e3b; Credits: thiennv; Required...

8.8 CVSS | 6.6 AI score | 0.00074 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack | added 2024/03/28 12:0 a.m. | 11 views

WordPress ProfileGrid Plugin <= 5.7.2 is vulnerable to Insecure Direct Object References (IDOR)

Software: ProfileGrid; Type: Plugin; Vulnerable versions: <= 5.7.2; Fixed in: 5.7.3; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-30513; Patch priority: Low; CVSS severity: Low 6.5; PSID: 6d5652387361; Credits: Van Lyubov...

6.5 CVSS | 6.5 AI score | 0.00165 EPSS
Exploits: 0 | References: 2 | Affected Software: 1