cleantalk
Vulnerabilities and Security Researches

ProfileGrid – User Profiles, Memberships, Groups and Communities, CVE-2025-13416

CVE, Research URL

CVE-2025-13416

Home page URL

Security reports for ProfileGrid – User Profiles, Memberships, Groups and Communities

Application

ProfileGrid – User Profiles, Memberships, Groups and Communities

Published on
Feb 05, 2026
Research Description
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized user suspension due to a missing capability check on the pm_deactivate_user_from_group() function in all versions up to, and including, 5.9.7.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to suspend arbitrary users from groups, including administrators, via the pm_deactivate_user_from_group AJAX action.
Affected versions
max 5.9.7.3.
Status
vulnerable
Previous vulnerability researches
Library Viewer (CVE-2023-32102) , Jun 07, 2024
Library Viewer (CVE-2023-32101) , Jun 07, 2024
Library Viewer (CVE-2025-15396) , Feb 27, 2026
New vulnerability
JAMstack Deployments (CVE-2026-25409) , Feb 28, 2026
WPshop 2 – E-Commerce (CVE-2025-69383) , Feb 28, 2026
WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) (CVE-2025-11754) , Feb 28, 2026
RealPress – Real Estate Plugin (CVE-2026-27050) , Feb 28, 2026
Enter Addons – Ultimate Template Builder for Elementor (CVE-2026-25014) , Feb 28, 2026