Lucene search
K

540 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/13 1:27 p.m.6 views

CVE-2026-4609

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the pminviteuser function in all versions up to, and including, 5.9.8.4. This makes it possible for authenticated attackers, with Subscriber-level...

7.1CVSS5.8AI score0.00219EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/13 1:27 p.m.7 views

CVE-2026-4609 ProfileGrid <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Group Joining

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the pminviteuser function in all versions up to, and including, 5.9.8.4. This makes it possible for authenticated attackers, with Subscriber-level...

7.1CVSS5.8AI score0.00219EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/13 1:27 p.m.48 views

CVE-2026-4607 ProfileGrid <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Group Settings Modification

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.8.4. This is due to the plugin not properly verifying that a user is authorized to perform an action via the pmsetgrouporder, pmsetgroupitem...

4.3CVSS0.00234EPSS
Exploits0References6
CVE
CVE
added 2026/05/13 1:27 p.m.19 views

CVE-2026-4608

CVE-2026-4608 affects the WordPress ProfileGrid – User Profiles, Groups and Communities plugin (versions up to and including 5.9.8.4). It describes a blind SQL Injection via the rid parameter, caused by insufficient escaping of user input and inadequate query preparation, allowing authenticated a...

6.5CVSS5.9AI score0.00269EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/13 1:27 p.m.23 views

EUVD-2026-29953

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind SQL Injection via the 'rid' parameter in all versions up to, and including, 5.9.8.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...

6.5CVSS5.9AI score0.00269EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/13 1:27 p.m.60 views

CVE-2026-4608 ProfileGrid <= 5.9.8.4 - Authenticated (Subscriber+) SQL Injection via 'rid' Parameter

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind SQL Injection via the 'rid' parameter in all versions up to, and including, 5.9.8.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...

6.5CVSS0.00269EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/13 1:27 p.m.10 views

CVE-2026-4608 ProfileGrid <= 5.9.8.4 - Authenticated (Subscriber+) SQL Injection via 'rid' Parameter

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind SQL Injection via the 'rid' parameter in all versions up to, and including, 5.9.8.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...

6.5CVSS5.9AI score0.00269EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/13 1:27 p.m.5 views

CVE-2026-4608

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind SQL Injection via the 'rid' parameter in all versions up to, and including, 5.9.8.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...

6.5CVSS5.9AI score0.00269EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/05/13 10:47 a.m.12 views

WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Group Joining vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Group Joining vulnerability discovered by Jonah Burgess CryptoCat in WordPress Plugin ProfileGrid versions = 5.9.8.4...

7.1CVSS5.8AI score0.00219EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/13 9:43 a.m.12 views

WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 5.9.8.4 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by Jonah Burgess CryptoCat in WordPress Plugin ProfileGrid versions = 5.9.8.4...

6.5CVSS5.9AI score0.00269EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

WordPress plugin ProfileGrid 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.7AI score0.00234EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

WordPress plugin ProfileGrid SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.5CVSS5.9AI score0.00269EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.15 views

WordPress plugin ProfileGrid 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1CVSS5.8AI score0.00219EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.13 views

PT-2026-40611

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the pm invite user function in all versions up to, and including, 5.9.8.4. This makes it possible for authenticated attackers, with Subscriber-lev...

7.1CVSS5.8AI score0.00219EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.15 views

PT-2026-40609

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.8.4. This is due to the plugin not properly verifying that a user is authorized to perform an action via the pm set group order, pm set grou...

4.3CVSS5.8AI score0.00234EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.15 views

PT-2026-40610

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind SQL Injection via the 'rid' parameter in all versions up to, and including, 5.9.8.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...

6.5CVSS5.9AI score0.00269EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/05/12 12:0 a.m.10 views

WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Group Settings Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Group Settings Modification vulnerability discovered by Chawabhon Netisingha JNX03 in WordPress Plugin ProfileGrid versions = 5.9.8.4...

4.3CVSS5.8AI score0.00234EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 5:5 p.m.3 views

CVE-2026-25417

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Stored XSS.This issue affects ProfileGrid : from n/a through = 5.9.8.1...

6.5CVSS5.8AI score0.00156EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 6:31 p.m.7 views

EUVD-2026-15723

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Stored XSS.This issue affects ProfileGrid : from n/a through = 5.9.8.1...

6.5CVSS5.8AI score0.00156EPSS
Exploits0References2
NVD
NVD
added 2026/03/25 5:16 p.m.12 views

CVE-2026-25417

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Stored XSS.This issue affects ProfileGrid : from n/a through = 5.9.8.1...

6.5CVSS0.00156EPSS
Exploits0References1
Rows per page
Query Builder