
CVE-2025-49876 – WordPress ProfileGrid <= 5.9.5.2 - SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2025-49876
10 Jul 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows SQL Injection. This issue affects ProfileGrid: from n/a through 5.9.5.2. The ProfileGrid plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.9.5.2 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level a... • https://patchstack.com/database/wordpress/plugin/profilegrid-user-profiles-groups-and-communities/vulnerability/wordpress-profilegrid-5-9-5-2-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2025-52719 – WordPress ProfileGrid plugin <= 5.9.5.2 - Full Path Disclosure (FPD) Vulnerability
https://notcve.org/view.php?id=CVE-2025-52719
19 Jun 2025 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss ProfileGrid allows Retrieve Embedded Sensitive Data. This issue affects ProfileGrid: from n/a through 5.9.5.2. The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 5.9.5.2. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other at... • https://patchstack.com/database/wordpress/plugin/profilegrid-user-profiles-groups-and-communities/vulnerability/wordpress-profilegrid-plugin-5-9-5-2-full-path-disclosure-fpd-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor; CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVE-2025-49877 – WordPress ProfileGrid plugin <= 5.9.5.2 - Server Side Request Forgery (SSRF) Vulnerability
https://notcve.org/view.php?id=CVE-2025-49877
12 Jun 2025 — Server-Side Request Forgery (SSRF) vulnerability in Metagauss ProfileGrid allows Server Side Request Forgery. This issue affects ProfileGrid: from n/a through 5.9.5.2. The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.9.5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application w... • https://patchstack.com/database/wordpress/plugin/profilegrid-user-profiles-groups-and-communities/vulnerability/wordpress-profilegrid-plugin-5-9-5-2-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2025-48079 – WordPress ProfileGrid <= 5.9.5.1 - Broken Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2025-48079
16 May 2025 — Missing Authorization vulnerability in Metagauss ProfileGrid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ProfileGrid: from n/a through 5.9.5.1. The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 5.9.5.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unau... • https://patchstack.com/database/wordpress/plugin/profilegrid-user-profiles-groups-and-communities/vulnerability/wordpress-profilegrid-5-9-5-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2025-47478 – WordPress ProfileGrid <= 5.9.5.0 - SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2025-47478
12 May 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows SQL Injection. This issue affects ProfileGrid: from n/a through 5.9.5.0. The ProfileGrid plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.9.5.0 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level a... • https://patchstack.com/database/wordpress/plugin/profilegrid-user-profiles-groups-and-communities/vulnerability/wordpress-profilegrid-5-9-5-0-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2025-39586 – WordPress ProfileGrid <= 5.9.4.8 - SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2025-39586
17 Apr 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows SQL Injection. This issue affects ProfileGrid: from n/a through 5.9.4.8. The ProfileGrid plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.9.4.8 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level a... • https://patchstack.com/database/wordpress/plugin/profilegrid-user-profiles-groups-and-communities/vulnerability/wordpress-profilegrid-5-9-4-8-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2025-26999 – WordPress ProfileGrid Plugin <= 5.9.4.3 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2025-26999
23 Feb 2025 — Deserialization of Untrusted Data vulnerability in Metagauss ProfileGrid allows Object Injection. This issue affects ProfileGrid: from n/a through 5.9.4.3. The ProfileGrid plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 5.9.4.3 via deserialization of untrusted input. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. • https://patchstack.com/database/wordpress/plugin/profilegrid-user-profiles-groups-and-communities/vulnerability/wordpress-profilegrid-plugin-5-9-4-3-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •

CVE-2024-49273 – WordPress ProfileGrid plugin <= 5.9.3 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-49273
14 Oct 2024 — Missing Authorization vulnerability in ProfileGrid User Profiles ProfileGrid. This issue affects ProfileGrid: from n/a through 5.9.3. The ProfileGrid plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.9.3. This is due to missing or incorrect nonce validation on the pg_create_group_page() function. This makes it possible for unauthenticated attackers to create group pages via a forged request granted they can trick a site administrator into performing an actio... • https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-plugin-5-9-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF); CWE-862: Missing Authorization •

CVE-2024-37453 – WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 5.8.7 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-37453
01 Jul 2024 — Missing Authorization vulnerability in ProfileGrid User Profiles ProfileGrid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ProfileGrid: from n/a through 5.8.7. The ProfileGrid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the pm_create_message function in versions up to, and including, 5.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to send messages even when they ... • https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-user-profiles-groups-and-communities-plugin-5-8-7-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2024-32772 – WordPress ProfileGrid plugin <= 5.7.9 - Insecure Direct Object References (IDOR) vulnerability
https://notcve.org/view.php?id=CVE-2024-32772
22 Apr 2024 — Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.9. The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.7.9 due to missi... • https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-plugin-5-7-9-insecure-direct-object-references-idor-vulnerability?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key •