
cpe:2.3:a:metagauss:profilegrid:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: Metagauss (efd32a3a-6f1a-5c0a-ba62-c7bf604b79bd)
Product: Profilegrid (04dbff96-f8b1-5f25-b5f3-8e0cf9b125c9)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from purl2cpe mapping

PURL mappings

PURL | Source | Last updated
pkg:github/wpplugins/profilegrid-user-profiles-groups-and-communities | purl2cpe | 2026-06-01 10:17:44.212390

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2026-25417 vulnerable 2026-06-08 07:53:19.783142 WordPress ProfileGrid plugin <= 5.9.8.1 - Cross Site Scripting (XSS) vulnerability
MEDIUM (6.5)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Stored XSS. This issue affects ProfileGrid: from n/a through <= 5.9.8.1.
Published: 2026-03-25T16:14:49.008Z
Updated: 2026-04-28T16:14:58.504Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-52719 vulnerable 2026-06-08 07:31:12.873274 WordPress ProfileGrid plugin <= 5.9.5.2 - Full Path Disclosure (FPD) Vulnerability
MEDIUM (4.3)
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Retrieve Embedded Sensitive Data. This issue affects ProfileGrid: from n/a through <= 5.9.5.2.
Published: 2025-06-20T15:03:37.331Z
Updated: 2026-04-28T16:13:17.624Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-4957 vulnerable 2026-06-08 07:29:17.592390 WordPress ProfileGrid plugin <= 5.9.5.7 - Reflected Cross Site Scripting (XSS) vulnerability
HIGH (7.1)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Reflected XSS. This issue affects ProfileGrid: from n/a through <= 5.9.5.7.
Published: 2025-09-26T08:31:14.954Z
Updated: 2026-04-28T16:13:05.588Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-49877 vulnerable 2026-06-08 07:29:15.042042 WordPress ProfileGrid plugin <= 5.9.5.2 - Server Side Request Forgery (SSRF) Vulnerability
MEDIUM (4.9)
Server-Side Request Forgery (SSRF) vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Server Side Request Forgery. This issue affects ProfileGrid: from n/a through <= 5.9.5.2.
Published: 2025-06-17T15:01:14.573Z
Updated: 2026-04-28T16:13:06.696Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-49876 vulnerable 2026-06-08 07:29:15.041632 WordPress ProfileGrid plugin <= 5.9.5.2 - SQL Injection vulnerability
HIGH (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows SQL Injection. This issue affects ProfileGrid: from n/a through <= 5.9.5.2.
Published: 2025-07-16T11:27:58.713Z
Updated: 2026-04-28T16:13:06.707Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-49033 vulnerable 2026-06-08 07:29:12.487794 WordPress ProfileGrid plugin <= 5.9.5.3 - SQL Injection vulnerability
HIGH (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Blind SQL Injection. This issue affects ProfileGrid: from n/a through <= 5.9.5.3.
Published: 2025-08-14T10:34:22.669Z
Updated: 2026-04-28T16:12:57.824Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-48079 vulnerable 2026-06-08 07:27:15.458146 WordPress ProfileGrid plugin <= 5.9.5.1 - Broken Access Control Vulnerability
MEDIUM (4.3)
Missing Authorization vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ProfileGrid: from n/a through <= 5.9.5.1.
Published: 2025-05-16T15:45:05.014Z
Updated: 2026-04-28T16:12:50.377Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-47478 vulnerable 2026-06-08 07:27:14.443397 WordPress ProfileGrid plugin <= 5.9.5.0 - SQL Injection Vulnerability
HIGH (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows SQL Injection. This issue affects ProfileGrid: from n/a through <= 5.9.5.0.
Published: 2025-05-23T12:43:35.084Z
Updated: 2026-04-28T16:12:42.337Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-39586 vulnerable 2026-06-08 07:23:06.802862 WordPress ProfileGrid plugin <= 5.9.4.8 - SQL Injection Vulnerability
HIGH (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows SQL Injection. This issue affects ProfileGrid: from n/a through <= 5.9.4.8.
Published: 2025-04-17T15:46:45.272Z
Updated: 2026-04-28T16:12:35.354Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-26999 vulnerable 2026-06-08 07:14:50.800293 WordPress ProfileGrid Plugin <= 5.9.4.3 - PHP Object Injection vulnerability
HIGH (8.8)
Deserialization of Untrusted Data vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Object Injection. This issue affects ProfileGrid: from n/a through <= 5.9.4.3.
Published: 2025-03-03T13:30:00.763Z
Updated: 2026-04-28T16:11:46.300Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-6410 vulnerable 2026-06-08 06:58:19.372405 ProfileGrid <= 5.8.9 - Authenticated (Subscriber+) Insecure Direct Object Reference
MEDIUM (4.3)
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.8.9 via the 'pm_upload_image' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the profile picture of any user.
Published: 2024-07-10T04:31:30.743Z
Updated: 2026-04-08T17:04:49.074Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-49273 vulnerable 2026-06-08 06:50:13.331300 WordPress ProfileGrid plugin <= 5.9.3 - Cross Site Request Forgery (CSRF) vulnerability
MEDIUM (4.3)
Missing Authorization vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities. This issue affects ProfileGrid: from n/a through <= 5.9.3.
Published: 2024-10-21T11:13:31.019Z
Updated: 2026-05-11T21:14:32.229Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-32808 vulnerable 2026-06-08 06:37:24.045872 WordPress ProfileGrid plugin <= 5.7.9 - Insecure Direct Object Reference (IDOR) vulnerability
MEDIUM (5.4)
Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.9.
Published: 2024-04-24T10:18:16.918Z
Updated: 2026-04-28T16:09:40.665Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-32774 vulnerable 2026-06-08 06:37:23.957950 WordPress ProfileGrid plugin <= 5.8.2 - Group Members Limit Bypass vulnerability
MEDIUM (4.3)
Improper Restriction of Excessive Authentication Attempts vulnerability in Metagauss ProfileGrid allows Removing Important Client Functionality. This issue affects ProfileGrid: from n/a through 5.8.2.
Published: 2024-05-17T09:37:45.568Z
Updated: 2026-04-28T16:09:40.052Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-32772 vulnerable 2026-06-08 06:37:23.953861 WordPress ProfileGrid plugin <= 5.7.9 - Insecure Direct Object References (IDOR) vulnerability
MEDIUM (4.3)
Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.9.
Published: 2024-04-24T10:19:29.541Z
Updated: 2026-04-28T16:09:40.054Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-31362 vulnerable 2026-06-08 06:35:31.366359 WordPress ProfileGrid – User Profiles, Memberships, Groups and Communities plugin <= 5.7.8 - Cross Site Request Forgery (CSRF) vulnerability
MEDIUM (4.3)
Cross-Site Request Forgery (CSRF) vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.8.
Published: 2024-04-12T12:22:27.390Z
Updated: 2026-04-28T16:09:31.314Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-31291 vulnerable 2026-06-08 06:35:31.248287 WordPress ProfileGrid plugin <= 5.7.6 - IDOR on Friend Request vulnerability
MEDIUM (4.3)
Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.6.
Published: 2024-04-07T18:08:29.767Z
Updated: 2026-04-28T16:09:30.285Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-30513 vulnerable 2026-06-08 06:35:30.494657 WordPress ProfileGrid plugin <= 5.7.2 - Insecure Direct Object References (IDOR) vulnerability
MEDIUM (6.5)
Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.2.
Published: 2024-03-29T15:50:04.982Z
Updated: 2026-04-28T16:09:25.799Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-30491 vulnerable 2026-06-08 06:35:30.441103 WordPress ProfileGrid – User Profiles, Memberships, Groups and Communities plugin <= 5.7.8 - SQL Injection vulnerability
HIGH (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.8.
Published: 2024-03-29T13:49:56.539Z
Updated: 2026-04-28T16:09:24.953Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-30490 vulnerable 2026-06-08 06:35:30.440588 WordPress ProfileGrid plugin <= 5.7.8 - SQL Injection vulnerability
CRITICAL (9.3)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.8.
Published: 2024-03-29T13:47:25.041Z
Updated: 2026-04-28T16:09:24.913Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-30241 vulnerable 2026-06-08 06:35:29.312564 WordPress ProfileGrid – User Profiles, Memberships, Groups and Communities plugin <= 5.7.1 - Contributor+ SQL Injection vulnerability
HIGH (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.1.
Published: 2024-03-28T04:36:29.228Z
Updated: 2026-04-28T16:09:22.745Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-52117 vulnerable 2026-06-08 06:17:54.286533 WordPress ProfileGrid plugin <= 5.6.6 - Broken Access Control vulnerability
MEDIUM (4.3)
Missing Authorization vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.6.6.
Published: 2024-06-12T08:44:06.317Z
Updated: 2026-04-28T16:09:04.972Z
Imported from gcve-enriched-dumps CVE data
