cleantalk
Vulnerabilities and Security Researches

ProfileGrid – User Profiles, Memberships, Groups and Communities, c59e75af12cc1aa882f5b5839afcb926254b6dd1

CVE, Research URL

c59e75af12cc1aa882f5b5839afcb926254b6dd1

Home page URL

Security reports for ProfileGrid – User Profiles, Memberships, Groups and Communities

Application

ProfileGrid – User Profiles, Memberships, Groups and Communities

Published on
Oct 27, 2022
Research Description
ProfileGrid – User Profiles, Groups and Communities [profilegrid-user-profiles-groups-and-communities] < 5.0.4 ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.0.3 - Missing Authorization to Information Exposure The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 5.0.3. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to obtain access to arbitrary messages with read and edit capabilities.
Affected versions
max 5.0.4.
Status
vulnerable
Previous vulnerability researches
ProfileGrid – User Profiles, Memberships, Groups and Communities (CVE-2025-39586) , Apr 19, 2025
ProfileGrid – User Profiles, Memberships, Groups and Communities (CVE-2024-13741) , May 07, 2025
ProfileGrid – User Profiles, Memberships, Groups and Communities (CVE-2025-48079) , May 18, 2025
ProfileGrid – User Profiles, Memberships, Groups and Communities (CVE-2026-25417) , Mar 30, 2026
ProfileGrid – User Profiles, Memberships, Groups and Communities (CVE-2025-26999) , Mar 05, 2025
New vulnerability
Interactive Content – H5P (CVE-2026-56006) , Jun 24, 2026
Transbank Webpay REST (CVE-2026-6858) , Jun 24, 2026
ProfileGrid – User Profiles, Memberships, Groups and Communities (CVE-2026-4610) , Jun 24, 2026
Paymob for WooCommerce (CVE-2026-56025) , Jun 24, 2026
Motors – Car Dealer, Classifieds &amp; Listing (CVE-2026-7859) , Jun 24, 2026