Metagauss

Profilegrid

48 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2026-2494

  • EPSS 0.01%
  • Veröffentlicht 07.03.2026 01:21:22
  • Zuletzt bearbeitet 07.03.2026 02:16:12

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.8.2. This is due to missing nonce validation on the membership request management page ...

4.3

CVE-2026-2488

  • EPSS 0.03%
  • Veröffentlicht 07.03.2026 01:21:21
  • Zuletzt bearbeitet 07.03.2026 02:16:12

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized message deletion due to a missing capability check on the pg_delete_msg() function in all versions up to, and including, 5.9.8.1. This is due t...

5.3

CVE-2026-1271

  • EPSS 0.01%
  • Veröffentlicht 05.02.2026 09:13:45
  • Zuletzt bearbeitet 05.02.2026 14:57:20

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.7.2 via the 'pm_upload_image' and 'pm_upload_cover_image' AJAX actions. This is d...

4.3

CVE-2025-13416

  • EPSS 0.03%
  • Veröffentlicht 05.02.2026 08:25:43
  • Zuletzt bearbeitet 05.02.2026 14:57:20

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized user suspension due to a missing capability check on the pm_deactivate_user_from_group() function in all versions up to, and including, 5.9.7.2...

7.1

CVE-2025-4957

  • EPSS 0.03%
  • Veröffentlicht 26.09.2025 09:15:32
  • Zuletzt bearbeitet 26.09.2025 14:32:19

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss ProfileGrid allows Reflected XSS. This issue affects ProfileGrid : from n/a through 5.9.5.7.

8.5

CVE-2025-49033

  • EPSS 0.03%
  • Veröffentlicht 14.08.2025 10:34:22
  • Zuletzt bearbeitet 14.08.2025 13:11:53

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows Blind SQL Injection. This issue affects ProfileGrid : from n/a through 5.9.5.3.

8.5

CVE-2025-49876

  • EPSS 0.04%
  • Veröffentlicht 16.07.2025 11:27:58
  • Zuletzt bearbeitet 16.07.2025 14:58:59

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows SQL Injection. This issue affects ProfileGrid : from n/a through 5.9.5.2.

6.1

CVE-2025-6977

  • EPSS 0.23%
  • Veröffentlicht 16.07.2025 04:24:02
  • Zuletzt bearbeitet 16.07.2025 19:57:43

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘pm_get_messenger_notification’ function in all versions up to, and including, 5.9.5.4 due to insufficient input sani...

4.3

CVE-2025-52719

  • EPSS 0.06%
  • Veröffentlicht 20.06.2025 15:15:32
  • Zuletzt bearbeitet 23.06.2025 20:16:40

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss ProfileGrid allows Retrieve Embedded Sensitive Data. This issue affects ProfileGrid : from n/a through 5.9.5.2.

4.9

CVE-2025-49877

  • EPSS 0.04%
  • Veröffentlicht 17.06.2025 15:01:14
  • Zuletzt bearbeitet 17.06.2025 20:50:23

Server-Side Request Forgery (SSRF) vulnerability in Metagauss ProfileGrid allows Server Side Request Forgery. This issue affects ProfileGrid : from n/a through 5.9.5.2.