cleantalk
Vulnerabilities and Security Researches

ProfileGrid – User Profiles, Memberships, Groups and Communities, CVE-2025-4957

CVE, Research URL

CVE-2025-4957

Home page URL

Security reports for ProfileGrid – User Profiles, Memberships, Groups and Communities

Application

ProfileGrid – User Profiles, Memberships, Groups and Communities

Published on
Sep 26, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Reflected XSS.This issue affects ProfileGrid : from n/a through <= 5.9.5.7.
Affected versions
max 5.9.5.8.
Status
vulnerable
Previous vulnerability researches
WooCommerce Additional Fees On Checkout (Free) (CVE-2024-12395) , Dec 18, 2024
WooCommerce Additional Fees On Checkout (Free) (CVE-2025-57903) , Apr 25, 2026
New vulnerability
WP Travel Engine &#8211; Elementor Widgets | Create Travel Booking Website Using WordPress and Elementor (CVE-2025-59574) , Apr 26, 2026
The Guardian News Feed (CVE-2026-1087) , Apr 25, 2026
Booking Calendar Contact Form (CVE-2026-6810) , Apr 25, 2026
Rescue Shortcodes (CVE-2025-62110) , Apr 25, 2026
Taxi Booking Manager for WooCommerce &#8211; WordPress plugin | Ecab (CVE-2026-28040) , Apr 25, 2026