3 matches found
CVE-2026-10779
The Classified Listing – Classified ads & Business Directory plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.4.2. This is due to a missing capability/ownership check on the galleryimageupdateasfeature AJAX handler action:...
CVE-2026-1271
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.7.2 via the 'pmuploadimage' and 'pmuploadcoverimage' AJAX actions. This is due to the updateusermeta function being called outsi...
PT-2026-6034
Name of the Vulnerable Software and Affected Versions ProfileGrid – User Profiles, Groups and Communities plugin for WordPress versions through 5.9.7.2 Description The ProfileGrid plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This is due to the update user meta...