
ProfileGrid – User Profiles, Groups and Communities — Vulnerabilities & Security Advisories (23)

All 23 CVE vulnerabilities found in ProfileGrid – User Profiles, Groups and Communities, with AI-generated Chinese analysis, references, and POCs.

This page documents known security vulnerabilities affecting the ProfileGrid plugin, a WordPress extension developed by MyCred for managing user profiles, groups, and communities, categorized under various weakness types including Cross-Site Scripting and Broken Access Control. The collection encompasses a comprehensive range of security issues identified in the software over the past several years, covering versions from early releases up to the most recent iterations. By aggregating these findings, the page provides a centralized resource for administrators and security researchers to track vendor advisories and understand the specific characteristics of each weakness class. Users can discover detailed histories of vulnerabilities associated with this product, allowing them to assess the security posture of their installations and identify outdated or unpatched versions. This aggregation aims to facilitate better risk management by presenting a clear timeline of disclosed flaws, their severity, and the corresponding fixes provided by the vendor. It serves as a reference point for understanding how common attack vectors have been exploited in the context of this specific community-building tool. The information is organized to help site owners prioritize remediation efforts based on the relevance and impact of each reported issue.

Vendor: metagauss

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-4607 | ProfileGrid <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Group Settings Modification | CWE-862 | 4.3 | Medium | 2026-05-13 |
| CVE-2026-4609 | ProfileGrid <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Group Joining | CWE-862 | 7.1 | High | 2026-05-13 |
| CVE-2026-4608 | ProfileGrid <= 5.9.8.4 - Authenticated (Subscriber+) SQL Injection via 'rid' Parameter | CWE-89 | 6.5 | Medium | 2026-05-13 |
| CVE-2026-2488 | ProfileGrid <= 5.9.8.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion | CWE-862 | 4.3 | Medium | 2026-03-07 |
| CVE-2026-2494 | ProfileGrid <= 5.9.8.2 - Cross-Site Request Forgery to Group Membership Request Approval/Denial | CWE-352 | 4.3 | Medium | 2026-03-07 |
| CVE-2026-1271 | ProfileGrid <= 5.9.7.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Profile and Cover Image Modification | CWE-639 | 5.3 | Medium | 2026-02-05 |
| CVE-2025-13416 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.7.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Suspension | CWE-862 | 4.3 | Medium | 2026-02-05 |
| CVE-2025-6977 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.5.4 - Reflected Cross-Site Scripting via 'pm_get_messenger_notification' function | CWE-79 | 6.1 | Medium | 2025-07-16 |
| CVE-2025-1408 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.4 - Missing Authorization to Authenticated (Subscriber+) Join Group Requests Management | CWE-862 | 4.3 | Medium | 2025-03-22 |
| CVE-2025-0724 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.5 - Authenticated (Subscriber+) PHP Object Injection | CWE-502 | 8.8 | High | 2025-03-22 |
| CVE-2025-0723 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.7 - Authenticated (Subscriber+) SQL Injection | CWE-89 | 6.5 | Medium | 2025-03-22 |
| CVE-2024-13740 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Private Messages Disclosure | CWE-639 | 4.3 | Medium | 2025-02-18 |
| CVE-2024-13741 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.2 - Authenticated (Subscriber+) Limited Server-Side Request Forgery | CWE-918 | 5.4 | Medium | 2025-02-18 |
| CVE-2024-10900 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.3.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Meta Deletion | CWE-862 | 6.5 | Medium | 2024-11-20 |
| CVE-2024-8861 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | CWE-79 | 6.4 | Medium | 2024-09-26 |
| CVE-2024-6410 | ProfileGrid <= 5.8.9 - Authenticated (Subscriber+) Insecure Direct Object Reference | CWE-639 | 4.3 | Medium | 2024-07-10 |
| CVE-2024-6411 | ProfileGrid – User Profiles, Groups and Communities <= 5.8.9 - Authenticated (Subscriber+) Authorization Bypass to Privilege Escalation | CWE-269 | 8.8 | High | 2024-07-10 |
| CVE-2024-5453 | ProfileGrid <= 5.8.6 - Missing Authorization | CWE-862 | 4.3 | Medium | 2024-06-05 |
| CVE-2024-3606 | ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.8.3 - Missing Authorization | CWE-862 | 4.3 | Medium | 2024-05-02 |
| CVE-2023-3404 | ProfileGrid <= 5.5.0 - Hardcoded Encryption Key | CWE-321 | 4.9 | Medium | 2023-08-31 |
| CVE-2023-3714 | ProfileGrid <= 5.5.2 - Missing Authorization to Arbitrary Group Option Modification and Privilege Escalation | CWE-862 | 7.5 | High | 2023-07-18 |
| CVE-2023-3403 | ProfileGrid <= 5.5.1 - Missing Authorization to User Import | CWE-862 | 5.4 | Medium | 2023-07-18 |
| CVE-2023-3713 | ProfileGrid <= 5.5.1 - Authenticated (Subscriber+) Arbitrary Option Update | CWE-862 | 8.8 | High | 2023-07-18 |

All 23 known CVE vulnerabilities affecting ProfileGrid – User Profiles, Groups and Communities with full Chinese analysis, references, and POCs where available.