Skip to main content

Profilegrid

33 CVEs product

Monthly

CVE-2026-57697 HIGH This Week

Authentication bypass in the Metagauss ProfileGrid WordPress plugin (versions up to and including 5.9.9.6) lets remote unauthenticated attackers abuse the password recovery flow as an alternate channel to hijack arbitrary user accounts, including administrators. Because the flaw is exploitable over the network with no privileges and no user interaction (CVSS 7.5, I:H), it enables full account takeover on affected WordPress sites. No public exploit is identified at time of analysis and it is not in CISA KEV, but the low attack complexity makes it an attractive target once details circulate.

Authentication Bypass Profilegrid
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-57759 HIGH This Week

Cross-site request forgery in the ProfileGrid - User Profiles, Groups and Communities WordPress plugin (versions 5.9.9.7 and earlier) allows a remote unauthenticated attacker to force a logged-in victim into performing unintended state-changing actions, chaining to full account takeover. Because a successful CSRF against an administrator can hijack a privileged account, impact is rated high across confidentiality, integrity, and availability (CVSS 8.8). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

CSRF Profilegrid
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-25417 MEDIUM This Month

A Stored Cross-Site Scripting (XSS) vulnerability exists in the Metagauss ProfileGrid WordPress plugin through version 5.9.8.1, allowing attackers to inject malicious scripts that persist in the database and execute in the browsers of other users. The vulnerability affects all versions of ProfileGrid up to and including 5.9.8.1, enabling attackers with appropriate access to compromise user sessions, steal credentials, or perform actions on behalf of victims. While no CVSS score or EPSS data is currently available, the Stored XSS classification (CWE-79) combined with active reporting from security researchers indicates this is a legitimate and actionable threat.

XSS Profilegrid
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-1408 MEDIUM This Month

The ProfileGrid - User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_decline_join_group_request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Profilegrid PHP
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-0724 HIGH This Week

The ProfileGrid - User Profiles, Groups and Communities plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.9.4.5 via deserialization of untrusted input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure WordPress PHP Deserialization Profilegrid
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-0723 MEDIUM This Month

The ProfileGrid - User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind and time-based SQL Injections via the rid and search parameters in all versions up to, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Profilegrid PHP
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-13740 MEDIUM This Month

The ProfileGrid - User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.4.2 via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Profilegrid
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-13741 MEDIUM This Month

The ProfileGrid - User Profiles, Groups and Communities plugin for WordPress is vulnerable to Limited Server-Side Request Forgery in all versions up to, and including, 5.9.4.2 via the pm_upload_image. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF Profilegrid
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-10900 HIGH PATCH This Week

The ProfileGrid - User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_remove_file_attachment(). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Profilegrid
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-37453 HIGH This Week

Missing Authorization vulnerability in ProfileGrid User Profiles ProfileGrid allows Exploiting Incorrectly Configured Access Control Security Levels.8.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Profilegrid
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-8861 MEDIUM PATCH This Month

The ProfileGrid - User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.9.3.2 due to incorrect use of the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Profilegrid
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-6411 HIGH PATCH This Week

The ProfileGrid - User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.8.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

WordPress Privilege Escalation Profilegrid
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-6410 MEDIUM PATCH This Month

The ProfileGrid - User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.8.9 via the 'pm_upload_image'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Profilegrid
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-5453 MEDIUM PATCH This Month

The ProfileGrid - User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_dismissible_notice and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Profilegrid
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-32774 HIGH This Week

Improper Restriction of Excessive Authentication Attempts vulnerability in Metagauss ProfileGrid allows Removing Important Client Functionality.8.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Profilegrid
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-3606 MEDIUM PATCH This Month

The ProfileGrid - User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the pm_upload_cover_image. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Profilegrid
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-32808 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.7.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Profilegrid
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2024-32772 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.7.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Profilegrid
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-31362 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Metagauss ProfileGrid.7.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Profilegrid
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-31291 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.7.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Profilegrid
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-30513 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.7.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Profilegrid
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-30491 HIGH Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.7.8. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 55.2% and no vendor patch available.

SQLi Profilegrid
NVD
CVSS 3.1
8.5
EPSS
55.2%
CVE-2024-30490 CRITICAL POC THREAT Emergency

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.7.8. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.4%.

SQLi Profilegrid
NVD
CVSS 3.1
9.3
EPSS
14.4%
CVE-2024-30241 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.7.1. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Profilegrid
NVD
CVSS 3.1
8.5
EPSS
3.5%
CVE-2023-47644 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in profilegrid ProfileGrid - User Profiles, Memberships, Groups and Communities.6.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Profilegrid
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-3404 MEDIUM PATCH This Month

The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Profilegrid
NVD VulDB
CVSS 3.1
4.9
EPSS
0.2%
CVE-2023-3714 HIGH PATCH This Week

The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'edit_group' handler in versions up to, and including, 5.5.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Privilege Escalation WordPress Authentication Bypass Profilegrid
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-3713 HIGH PATCH This Week

The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'profile_magic_check_smtp_connection' function in versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Privilege Escalation WordPress Profilegrid
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-3403 MEDIUM PATCH This Month

The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pm_upload_csv' function in versions up to, and including, 5.5.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Profilegrid
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-0940 HIGH POC This Week

The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoint for resetting a user password but does not implement proper authorization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Profilegrid
NVD WPScan
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-41791 MEDIUM This Month

Auth. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection WordPress Profilegrid
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2022-3578 MEDIUM POC This Month

The ProfileGrid WordPress plugin before 5.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Profilegrid
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-15873 HIGH POC This Week

The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pm_template_preview&html=<?php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP WordPress RCE Profilegrid
NVD
CVSS 3.0
8.8
EPSS
3.9%
EPSS 0% CVSS 7.5
HIGH This Week

Authentication bypass in the Metagauss ProfileGrid WordPress plugin (versions up to and including 5.9.9.6) lets remote unauthenticated attackers abuse the password recovery flow as an alternate channel to hijack arbitrary user accounts, including administrators. Because the flaw is exploitable over the network with no privileges and no user interaction (CVSS 7.5, I:H), it enables full account takeover on affected WordPress sites. No public exploit is identified at time of analysis and it is not in CISA KEV, but the low attack complexity makes it an attractive target once details circulate.

Authentication Bypass Profilegrid
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Cross-site request forgery in the ProfileGrid - User Profiles, Groups and Communities WordPress plugin (versions 5.9.9.7 and earlier) allows a remote unauthenticated attacker to force a logged-in victim into performing unintended state-changing actions, chaining to full account takeover. Because a successful CSRF against an administrator can hijack a privileged account, impact is rated high across confidentiality, integrity, and availability (CVSS 8.8). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

CSRF Profilegrid
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A Stored Cross-Site Scripting (XSS) vulnerability exists in the Metagauss ProfileGrid WordPress plugin through version 5.9.8.1, allowing attackers to inject malicious scripts that persist in the database and execute in the browsers of other users. The vulnerability affects all versions of ProfileGrid up to and including 5.9.8.1, enabling attackers with appropriate access to compromise user sessions, steal credentials, or perform actions on behalf of victims. While no CVSS score or EPSS data is currently available, the Stored XSS classification (CWE-79) combined with active reporting from security researchers indicates this is a legitimate and actionable threat.

XSS Profilegrid
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

The ProfileGrid - User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_decline_join_group_request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Profilegrid +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The ProfileGrid - User Profiles, Groups and Communities plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.9.4.5 via deserialization of untrusted input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure WordPress PHP +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The ProfileGrid - User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind and time-based SQL Injections via the rid and search parameters in all versions up to, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Profilegrid +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The ProfileGrid - User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.4.2 via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Profilegrid
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

The ProfileGrid - User Profiles, Groups and Communities plugin for WordPress is vulnerable to Limited Server-Side Request Forgery in all versions up to, and including, 5.9.4.2 via the pm_upload_image. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF Profilegrid
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

The ProfileGrid - User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_remove_file_attachment(). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Profilegrid
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Missing Authorization vulnerability in ProfileGrid User Profiles ProfileGrid allows Exploiting Incorrectly Configured Access Control Security Levels.8.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Profilegrid
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The ProfileGrid - User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.9.3.2 due to incorrect use of the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Profilegrid
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

The ProfileGrid - User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.8.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

WordPress Privilege Escalation Profilegrid
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The ProfileGrid - User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.8.9 via the 'pm_upload_image'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Profilegrid
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The ProfileGrid - User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_dismissible_notice and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Profilegrid
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Improper Restriction of Excessive Authentication Attempts vulnerability in Metagauss ProfileGrid allows Removing Important Client Functionality.8.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Profilegrid
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The ProfileGrid - User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the pm_upload_cover_image. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Profilegrid
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.7.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Profilegrid
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.7.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Profilegrid
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Metagauss ProfileGrid.7.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Profilegrid
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.7.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Profilegrid
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.7.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Profilegrid
NVD
EPSS 55% CVSS 8.5
HIGH Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.7.8. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 55.2% and no vendor patch available.

SQLi Profilegrid
NVD
EPSS 14% CVSS 9.3
CRITICAL POC THREAT Emergency

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.7.8. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.4%.

SQLi Profilegrid
NVD
EPSS 4% CVSS 8.5
HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.7.1. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Profilegrid
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in profilegrid ProfileGrid - User Profiles, Memberships, Groups and Communities.6.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Profilegrid
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Profilegrid
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'edit_group' handler in versions up to, and including, 5.5.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Privilege Escalation WordPress Authentication Bypass +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'profile_magic_check_smtp_connection' function in versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Privilege Escalation WordPress +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pm_upload_csv' function in versions up to, and including, 5.5.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Profilegrid
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoint for resetting a user password but does not implement proper authorization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Profilegrid
NVD WPScan
EPSS 1% CVSS 6.8
MEDIUM This Month

Auth. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection WordPress Profilegrid
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The ProfileGrid WordPress plugin before 5.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Profilegrid
NVD WPScan
EPSS 4% CVSS 8.8
HIGH POC This Week

The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pm_template_preview&html=<?php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP WordPress +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy