cleantalk
Vulnerabilities and Security Researches

ProfileGrid – User Profiles, Memberships, Groups and Communities, CVE-2025-6977

CVE, Research URL

CVE-2025-6977

Home page URL

Security reports for ProfileGrid – User Profiles, Memberships, Groups and Communities

Application

ProfileGrid – User Profiles, Memberships, Groups and Communities

Published on
Jul 16, 2025
Research Description
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘pm_get_messenger_notification’ function in all versions up to, and including, 5.9.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a logged-in user into performing an action such as clicking on a link.
Affected versions
Min -, max 5.9.5.5.
Status
vulnerable
Previous vulnerability researches
BuddyForms Form Elements for WooCommerce (39d1f22f-ea34-4d94-9dc2-12661cf69d36) , Jun 07, 2024
New vulnerability
Knowledge Base (CVE-2025-7431) , Jul 18, 2025
Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin (CVE-2025-48150) , Jul 18, 2025
Infility Global (CVE-2025-47652) , Jul 18, 2025
WP-BusinessDirectory – Business directory plugin for WordPress (CVE-2025-24759) , Jul 18, 2025
Vertical scroll image slideshow gallery (CVE-2025-5752) , Jul 18, 2025