cleantalk
Vulnerabilities and Security Researches

ProfileGrid – User Profiles, Memberships, Groups and Communities, CVE-2025-13416

CVE, Research URL

CVE-2025-13416

Home page URL

Security reports for ProfileGrid – User Profiles, Memberships, Groups and Communities

Application

ProfileGrid – User Profiles, Memberships, Groups and Communities

Published on
Feb 05, 2026
Research Description
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized user suspension due to a missing capability check on the pm_deactivate_user_from_group() function in all versions up to, and including, 5.9.7.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to suspend arbitrary users from groups, including administrators, via the pm_deactivate_user_from_group AJAX action.
Affected versions
max 5.9.7.3.
Status
vulnerable
Previous vulnerability researches
EventPrime – Events Calendar, Bookings and Tickets (CVE-2024-9864) , May 07, 2025
EventPrime – Events Calendar, Bookings and Tickets (CVE-2024-8369) , Sep 11, 2024
EventPrime – Events Calendar, Bookings and Tickets (CVE-2026-25389) , Feb 27, 2026
EventPrime – Events Calendar, Bookings and Tickets (CVE-2024-47648) , Oct 03, 2024
EventPrime – Events Calendar, Bookings and Tickets (CVE-2024-4665) , May 19, 2025
New vulnerability
Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WPLegalPages (CVE-2025-67974) , Feb 28, 2026
Inpersttion For Theme (CVE-2025-52744) , Feb 28, 2026
JAMstack Deployments (CVE-2026-25409) , Feb 28, 2026
WPshop 2 – E-Commerce (CVE-2025-69383) , Feb 28, 2026
WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) (CVE-2025-11754) , Feb 28, 2026