Skip to main content

ProfileGrid EUVDEUVD-2026-40254

| CVE-2026-12073 CRITICAL
Authorization Bypass Through User-Controlled Key (CWE-639)
2026-06-30 Wordfence GHSA-5949-6pq3-mp7g
9.8
CVSS 3.1 · Vendor: Wordfence
Share

Severity by source

Vendor (Wordfence) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
9.8 CRITICAL

Unauthenticated network registration request with no user interaction yields admin takeover, so AV:N/AC:L/PR:N/UI:N and full C/I/A impact.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (Wordfence).

CVSS VectorVendor: Wordfence

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jun 30, 2026 - 06:16 vuln.today
CVE Published
Jun 30, 2026 - 05:34 cve.org
CRITICAL 9.8

DescriptionCVE.org

The ProfileGrid - User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.9.9.5. This is due to the plugin not validating a user_login on registration forms that don't contain this parameter, and not properly handling the error messages. This makes it possible for unauthenticated attackers to change email address of user account with ID=1 (usually an administrator), and leverage that to reset the user's password and gain access to their account.

AnalysisAI

Account takeover in the ProfileGrid - User Profiles, Groups and Communities WordPress plugin (all versions through 5.9.9.5) lets unauthenticated remote attackers hijack the site administrator account. The plugin fails to validate a user_login value on registration forms lacking that parameter and mishandles the resulting error messages, allowing an attacker to overwrite the email address of the user with ID=1 (typically the admin) and then trigger a password reset to seize full control. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify WordPress site running ProfileGrid
Delivery
Submit registration form omitting user_login
Exploit
Overwrite email of user ID=1
Execution
Trigger admin password reset
Persist
Receive reset link at attacker email
Impact
Log in as administrator

Vulnerability AssessmentAI

Exploitation The site must run the ProfileGrid plugin (≤ 5.9.9.5) with a reachable front-end registration form that does not include the `user_login` parameter - that specific form configuration is the triggering condition named in the description. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment All signals point the same direction for ease of exploitation: the CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) describes a network-reachable, low-complexity, unauthenticated attack requiring no user interaction, with full C/I/A impact (9.8 critical). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker locates a WordPress site running ProfileGrid and submits a crafted registration request to a form that omits the `user_login` parameter, abusing the unvalidated input and mishandled error path to overwrite the email address of the user with ID=1 (the admin). The attacker then requests a WordPress password reset, receives the reset link at their attacker-controlled email, and logs in as administrator - all without authentication or user interaction. …
Remediation Upstream fix available (changeset/commit); released patched version not independently confirmed from the provided data - the fix is committed at https://plugins.trac.wordpress.org/changeset/3578435/, so update ProfileGrid to the first release published after 5.9.9.5 (verify the exact patched version in the Wordfence advisory at https://www.wordfence.com/threat-intel/vulnerabilities/id/2d35279d-299e-4ca2-8f84-165284e058c8?source=cve before deploying). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

WITHIN 24 HOURS: Deactivate ProfileGrid plugin immediately; audit administrator account (user ID 1) for unauthorized email changes, password resets, or suspicious access activity. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-40254 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy