Lucene search
K

4 matches found

CVE
CVE
added 2026/06/23 12:32 p.m.16 views

CVE-2026-4610

CVE-2026-4610 affects the ProfileGrid – User Profiles, Groups and Communities WordPress plugin. The vulnerability is a Stored Cross-Site Scripting flaw in the function pm_send_message_to_author via the pm_author_message parameter, present in all versions up to and including 5.9.9.2. It arises fro...

6.4CVSS6AI score0.00201EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/23 12:32 p.m.10 views

EUVD-2026-38447

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pmauthormessage' parameter in the pmsendmessagetoauthor function in all versions up to, and including, 5.9.9.2 due to insufficient input sanitization and output...

6.4CVSS6AI score0.00201EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/23 12:32 p.m.39 views

CVE-2026-4610 ProfileGrid <= 5.9.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Message Content

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pmauthormessage' parameter in the pmsendmessagetoauthor function in all versions up to, and including, 5.9.9.2 due to insufficient input sanitization and output...

6.4CVSS0.00201EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.19 views

PT-2026-51498

Name of the Vulnerable Software and Affected Versions ProfileGrid versions prior to 5.9.9.3 Description The ProfileGrid plugin for WordPress contains a Stored Cross-Site Scripting issue due to insufficient input sanitization and output escaping. Authenticated attackers with Subscriber-level acces...

6.4CVSS6AI score0.00201EPSS
Exploits0References12
Rows per page
Query Builder