cleantalk
Vulnerabilities and Security Researches

ProfileGrid – User Profiles, Memberships, Groups and Communities, 86d68c452f926cc98c490ab47b43d43708e80b63

CVE, Research URL

86d68c452f926cc98c490ab47b43d43708e80b63

Home page URL

Security reports for ProfileGrid – User Profiles, Memberships, Groups and Communities

Application

ProfileGrid – User Profiles, Memberships, Groups and Communities

Published on
Nov 27, 2017
Research Description
ProfileGrid – User Profiles, Groups and Communities [profilegrid-user-profiles-groups-and-communities] < 2.6.7 WordPress ProfileGrid Plugin <= 2.6.6 - Reflected Cross Site Scripting A reflected cross-site scripting vulnerability was found in ProfileGrid plugin in 2.6.6 version. The vulnerability exists in the file /admin/partials/user-manager.php. There some of $_GET parameters are not escaped. For example: if(isset($_GET[‘search’])) echo $_GET[‘search’]; …
Affected versions
max 2.6.7.
Status
vulnerable
Previous vulnerability researches
ProfileGrid – User Profiles, Memberships, Groups and Communities (CVE-2025-39586) , Apr 19, 2025
ProfileGrid – User Profiles, Memberships, Groups and Communities (CVE-2024-13741) , May 07, 2025
ProfileGrid – User Profiles, Memberships, Groups and Communities (CVE-2025-48079) , May 18, 2025
ProfileGrid – User Profiles, Memberships, Groups and Communities (CVE-2026-25417) , Mar 30, 2026
ProfileGrid – User Profiles, Memberships, Groups and Communities (CVE-2025-26999) , Mar 05, 2025
New vulnerability
Interactive Content – H5P (CVE-2026-56006) , Jun 24, 2026
Transbank Webpay REST (CVE-2026-6858) , Jun 24, 2026
ProfileGrid – User Profiles, Memberships, Groups and Communities (CVE-2026-4610) , Jun 24, 2026
Paymob for WooCommerce (CVE-2026-56025) , Jun 24, 2026
Motors – Car Dealer, Classifieds &amp; Listing (CVE-2026-7859) , Jun 24, 2026