Metagauss

Profilegrid

49 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2026-25417

  • EPSS 0.03%
  • Veröffentlicht 25.03.2026 16:14:49
  • Zuletzt bearbeitet 30.03.2026 13:27:12

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Stored XSS.This issue affects ProfileGrid : from n/a through <= 5.9.8...

4.3

CVE-2026-2494

  • EPSS 0.01%
  • Veröffentlicht 07.03.2026 01:21:22
  • Zuletzt bearbeitet 09.03.2026 13:35:34

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.8.2. This is due to missing nonce validation on the membership request management page ...

4.3

CVE-2026-2488

  • EPSS 0.04%
  • Veröffentlicht 07.03.2026 01:21:21
  • Zuletzt bearbeitet 09.03.2026 13:35:34

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized message deletion due to a missing capability check on the pg_delete_msg() function in all versions up to, and including, 5.9.8.1. This is due t...

5.3

CVE-2026-1271

  • EPSS 0.02%
  • Veröffentlicht 05.02.2026 09:13:45
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.7.2 via the 'pm_upload_image' and 'pm_upload_cover_image' AJAX actions. This is d...

4.3

CVE-2025-13416

  • EPSS 0.01%
  • Veröffentlicht 05.02.2026 08:25:43
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized user suspension due to a missing capability check on the pm_deactivate_user_from_group() function in all versions up to, and including, 5.9.7.2...

7.1

CVE-2025-4957

  • EPSS 0.03%
  • Veröffentlicht 26.09.2025 09:15:32
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Reflected XSS.This issue affects ProfileGrid : from n/a through <= 5....

8.5

CVE-2025-49033

  • EPSS 0.03%
  • Veröffentlicht 14.08.2025 10:34:22
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Blind SQL Injection.This issue affects ProfileGrid : from n/a through...

8.5

CVE-2025-49876

  • EPSS 0.04%
  • Veröffentlicht 16.07.2025 11:27:58
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows SQL Injection.This issue affects ProfileGrid : from n/a through <= 5....

6.1

CVE-2025-6977

  • EPSS 0.45%
  • Veröffentlicht 16.07.2025 04:24:02
  • Zuletzt bearbeitet 16.07.2025 19:57:43

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘pm_get_messenger_notification’ function in all versions up to, and including, 5.9.5.4 due to insufficient input sani...

4.3

CVE-2025-52719

  • EPSS 0.04%
  • Veröffentlicht 20.06.2025 15:15:32
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Retrieve Embedded Sensitive Data.This issue affects ProfileGrid : from n/a thro...