VYPR

Profilegrid User Profiles Groups And Communities

by WordPress

CVEs (18)

  • CVE-2025-26999 | High | Mar 3, 2025
    risk 0.57 | cvss 8.8 | epss 0.01

    Deserialization of Untrusted Data vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Object Injection. This issue affects ProfileGrid: from n/a through <= 5.9.4.3.

  • CVE-2025-49033 | High | Aug 14, 2025
    risk 0.55 | cvss 8.5 | epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Blind SQL Injection. This issue affects ProfileGrid: from n/a through <= 5.9.5.3.

  • CVE-2025-49876 | High | Jul 16, 2025
    risk 0.55 | cvss 8.5 | epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows SQL Injection. This issue affects ProfileGrid: from n/a through <= 5.9.5.2.

  • CVE-2025-47478 | High | May 23, 2025
    risk 0.55 | cvss 8.5 | epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows SQL Injection. This issue affects ProfileGrid: from n/a through <= 5.9.5.0.

  • CVE-2025-4957 | High | Sep 26, 2025
    risk 0.46 | cvss 7.1 | epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Reflected XSS. This issue affects ProfileGrid: from n/a through <= 5.9.5.7.

  • CVE-2026-1271 | Medium | Feb 5, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.7.2 via the 'pm_upload_image' and 'pm_upload_cover_image' AJAX actions. This is due to the…

  • CVE-2025-49877 | Medium | Jun 17, 2025
    risk 0.32 | cvss 4.9 | epss 0.00

    Server-Side Request Forgery (SSRF) vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Server Side Request Forgery. This issue affects ProfileGrid: from n/a through <= 5.9.5.2.

  • CVE-2026-2494 | Medium | Mar 7, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.8.2. This is due to missing nonce validation on the membership request management page (approve and decline…

  • CVE-2026-2488 | Medium | Mar 7, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized message deletion due to a missing capability check on the pg_delete_msg() function in all versions up to, and including, 5.9.8.1. This is due to the function not…

  • CVE-2025-13416 | Medium | Feb 5, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized user suspension due to a missing capability check on the pm_deactivate_user_from_group() function in all versions up to, and including, 5.9.7.2. This makes it possible…

  • CVE-2025-52719 | Medium | Jun 20, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Retrieve Embedded Sensitive Data. This issue affects ProfileGrid: from n/a through <= 5.9.5.2.

  • CVE-2025-48079 | Medium | May 16, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    Missing Authorization vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ProfileGrid: from n/a through <= 5.9.5.1.

  • CVE-2024-5453 | Medium | Jun 5, 2024
    risk 0.21 | cvss 4.3 | epss 0.00

    The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_dismissible_notice and pm_wizard_update_group_icon functions in all versions up to, and including, 5.8.6.…

  • CVE-2019-15873 | Sep 3, 2019
    risk 0.01 | cvss | epss 0.04

    The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via a wp-admin/admin-ajax.php request with the action=pm_template_preview&html=<?php substring followed by PHP code.

  • CVE-2026-4610 | Jun 23, 2026
    risk 0.00 | cvss | epss 0.00

    The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pm_author_message' parameter in the pm_send_message_to_author function in all versions up to, and including, 5.9.9.2 due to insufficient input…

  • CVE-2025-0723 | Mar 22, 2025
    risk 0.00 | cvss | epss 0.00

    The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind and time-based SQL Injections via the rid and search parameters in all versions up to, and including, 5.9.4.7 due to insufficient escaping on the user supplied parameter and…

  • CVE-2024-13740 | Feb 18, 2025
    risk 0.00 | cvss | epss 0.00

    The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.4.2 via the pm_messenger_show_messages function due to missing validation on a user controlled key. This…

  • CVE-2024-8861 | Sep 26, 2024
    risk 0.00 | cvss | epss 0.00

    The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.9.3.2 due to incorrect use of the wp_kses_allowed_html function, which allows the 'onclick' attribute for certain…