cleantalk
Vulnerabilities and Security Researches

ProfileGrid – User Profiles, Memberships, Groups and Communities, CVE-2025-4957

CVE, Research URL

CVE-2025-4957

Home page URL

Security reports for ProfileGrid – User Profiles, Memberships, Groups and Communities

Application

ProfileGrid – User Profiles, Memberships, Groups and Communities

Published on
Sep 26, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Reflected XSS.This issue affects ProfileGrid : from n/a through <= 5.9.5.7.
Affected versions
max 5.9.5.8.
Status
vulnerable
Previous vulnerability researches
Skyword API Plugin (CVE-2024-11907) , Jan 10, 2025
Skyword API Plugin (CVE-2025-58703) , Apr 25, 2026
New vulnerability
WP-Recall &#8211; Registration, Profile, Commerce &amp; More (CVE-2024-9770) , Apr 26, 2026
Bitly&#039;s WordPress Plugin (CVE-2025-58231) , Apr 26, 2026
IP Based Login (CVE-2025-58960) , Apr 26, 2026
WP Travel Engine &#8211; Elementor Widgets | Create Travel Booking Website Using WordPress and Elementor (CVE-2025-59574) , Apr 26, 2026
The Guardian News Feed (CVE-2026-1087) , Apr 25, 2026