540 matches found
WordPress ProfileGrid <5.1.1 - Cross-Site Scripting
WordPress ProfileGrid plugin prior to 5.1.1 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site...
CVE-2026-57697
Authentication Bypass Using an Alternate Path or Channel vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Password Recovery Exploitation.This issue affects ProfileGrid : from n/a through = 5.9.9.6...
CVE-2026-57697 WordPress ProfileGrid plugin <= 5.9.9.6 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Password Recovery Exploitation.This issue affects ProfileGrid : from n/a through = 5.9.9.6...
CVE-2026-57697
The CVE-2026-57697 entry concerns the WordPress ProfileGrid plugin (Metagauss) ≤ 5.9.9.6, where an Authentication Bypass via an Alternate Path or Channel allows Password Recovery Exploitation. The NVD entries describe a vulnerable component (ProfileGrid) with a base score of 7.5 (HIGH) per CVSS 3...
CVE-2026-11359
The Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration plugin for WordPress is vulnerable to unauthorized plugin installation and activation in versions up to, and including, 3.4. This is due to a missing capability check and missing nonce validation on the...
CVE-2026-11359
The CVE-2026-11359 entry relates to the Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration plugin for WordPress. Affected versions up to 3.4 are vulnerable due to missing capability checks and nonce validation in the pg_install_profilegrid() AJAX handler (wp_ajax_...
EUVD-2026-42541
The Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration plugin for WordPress is vulnerable to unauthorized plugin installation and activation in versions up to, and including, 3.4. This is due to a missing capability check and missing nonce validation on the...
CVE-2026-11359 Memberships and User Profiles for WooCommerce <= 3.4 - Missing Authorization to Authenticated (Subscriber+) ProfileGrid Plugin Installation and Activation
The Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration plugin for WordPress is vulnerable to unauthorized plugin installation and activation in versions up to, and including, 3.4. This is due to a missing capability check and missing nonce validation on the...
WordPress ProfileGrid plugin <= 5.9.9.6 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by Jakub Herman in WordPress Plugin ProfileGrid versions = 5.9.9.6...
CVE-2026-57759
Unauthenticated Cross Site Request Forgery CSRF in ProfileGrid = 5.9.9.7 versions...
CVE-2026-57759
CVE-2026-57759: Unauthenticated CSRF in WordPress ProfileGrid plugin (versions
CVE-2026-57759
Unauthenticated Cross Site Request Forgery CSRF in ProfileGrid = 5.9.9.7 versions...
CVE-2026-57759 WordPress ProfileGrid plugin <= 5.9.9.7 - CSRF to Account Takeover vulnerability
Unauthenticated Cross Site Request Forgery CSRF in ProfileGrid = 5.9.9.7 versions...
EUVD-2026-41315
Unauthenticated Cross Site Request Forgery CSRF in ProfileGrid = 5.9.9.7 versions...
WordPress ProfileGrid plugin <= 5.9.9.8 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by dodoh4t in WordPress Plugin ProfileGrid versions = 5.9.9.8...
PT-2026-55047
Name of the Vulnerable Software and Affected Versions ProfileGrid versions prior to 5.9.9.8 Description An unauthenticated Cross Site Request Forgery CSRF issue exists, which could lead to account takeover. CSRF is a flaw that allows an attacker to trick a victim into performing actions they did...
WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 5.9.9.5 - User Profiles, Groups and Communities <= 5.9.9.5 - Unauthenticated Privilege Escalation vulnerability
User Profiles, Groups and Communities plugin = 5.9.9.5 - User Profiles, Groups and Communities = 5.9.9.5 - Unauthenticated Privilege Escalation vulnerability discovered by Ivan Kuzymchak - Wordfence in WordPress Plugin ProfileGrid versions = 5.9.9.5...
CVE-2026-12073
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.9.9.5. This is due to the plugin not validating a userlogin on registration forms that don't contain this parameter, and...
EUVD-2026-40254
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.9.9.5. This is due to the plugin not validating a userlogin on registration forms that don't contain this parameter, and...
CVE-2026-12073
CVE-2026-12073 affects the ProfileGrid – User Profiles, Groups and Communities plugin for WordPress (versions ≤ 5.9.9.5). The root cause is the plugin not validating a user_login on some registration forms and mishandling errors, enabling unauthenticated attackers to overwrite the email of the ad...