High 7.1
2025-09-26< 5.9.5.8
ProfileGrid – User Profiles, Groups and Communities <= 5.9.5.7 - Reflected Cross-Site Scripting
ProfileGrid – User Profiles, Groups and Communities
Vulnerabilities 53Slug profilegrid-user-profiles-groups-and-communitiesLatest version 5.9.9.2WordPress.org →
Minimum safe version
5.9.8.3
Update to 5.9.8.3 or later to address 53 fixable vulnerabilities
Latest available5.9.9.2 ✓
N/A
2026-02-04< 5.9.7.3
ProfileGrid <= 5.9.7.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Profile and Cover Image Modification
N/A
2026-03-06< 5.9.8.2
ProfileGrid <= 5.9.8.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion
N/A
2026-03-06< 5.9.8.3
ProfileGrid <= 5.9.8.2 - Cross-Site Request Forgery to Group Membership Request Approval/Denial
Medium 6.5
2026-03-25< 5.9.8.2
CVE-2026-25417
Medium 4.3
2026-02-05< 5.9.7.3
CVE-2025-13416
High 8.5
2025-08-14< 5.9.5.4
CVE-2025-49033
Medium 6.1
2025-07-16< 5.9.5.5
ProfileGrid – User Profiles, Groups and Communities <= 5.9.5.4 - Reflected Cross-Site Scripting via 'pm_get_messenger_notification' function
High 8.5
2025-07-16< 5.9.5.3
CVE-2025-49876
Medium 4.3
2025-06-20< 5.9.5.3
CVE-2025-52719
Medium 4.9
2025-06-17< 5.9.5.3
CVE-2025-49877
N/A
2025-05-23< 5.9.5.1
CVE-2025-47478
Medium 4.3
2025-05-16< 5.9.5.2
CVE-2025-48079
High 8.5
2025-04-17< 5.9.4.9
CVE-2025-39586
High 8.8
2025-03-22< 5.9.4.6
ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.5 - Authenticated (Subscriber+) PHP Object Injection
Medium 4.3
2025-03-22< 5.9.4.5
ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.4 - Missing Authorinzation to Authenticated (Subscriber+) Join Group Requests Management
Medium 6.5
2025-03-22< 5.9.4.8
ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.7 - Authenticated (Subscriber+) SQL Injection
High 8.8
2025-03-03< 5.9.4.4
CVE-2025-26999
Medium 5.4
2025-02-18< 5.9.4.3
CVE-2024-13741
Medium 4.3
2025-02-18< 5.9.4.3
CVE-2024-13740
Medium 6.5
2024-11-20< 5.9.3.7
CVE-2024-10900
Medium 4.3
2024-10-21< 5.9.3.1
CVE-2024-49273
Medium 5.4
2024-09-26< 5.9.3.3
CVE-2024-8861
Medium 4.3
2024-07-10< 5.9.0
CVE-2024-6410
High 8.8
2024-07-10< 5.9.0
CVE-2024-6411
High 8.8
2024-11-01< 5.8.8
CVE-2024-37453
Medium 4.3
2024-06-05< 5.8.7
CVE-2024-5453
High 8.8
2024-05-17< 5.8.3
CVE-2024-32774
High 8.8
2024-04-24< 5.8.0
CVE-2024-32772
High 8.8
2024-04-24< 5.8.0
CVE-2024-32808
Medium 4.3
2024-05-02< 5.8.4
CVE-2024-3606
High 8.8
2024-04-12< 5.7.9
CVE-2024-31362
High 7.1
2024-04-07< 5.7.7
CVE-2024-31291
High 8.5
2024-03-29< 5.7.9
CVE-2024-30491
Critical 9.3
2024-03-29< 5.7.9
CVE-2024-30490
Medium 6.5
2024-03-29< 5.7.3
CVE-2024-30513
High 8.5
2024-04-26< 5.7.2
ProfileGrid <= 5.7.1 - Authenticated (Contributor+) SQL Injection
Medium 4.3
2024-12-28< 5.6.7
WordPress ProfileGrid Plugin <= 5.6.6 is vulnerable to Broken Access Control
Medium 5.4
2023-11-18< 5.7.2
CVE-2023-47644
N/A
< 5.0.4
ProfileGrid < 5.0.4 - Subscriber+ Private Message Read/Edition
High 8.8
2023-07-18< 5.5.2
CVE-2023-3713
High 8.8
2023-07-18< 5.5.3
CVE-2023-3714
Medium 4.3
2023-07-18< 5.5.2
CVE-2023-3403
Medium 4.9
2023-08-31< 5.5.1
CVE-2023-3404
Medium 6.3
2024-01-08< 5.0.4
CVE-2022-36352
High 8.8
2023-03-20< 5.3.1
CVE-2023-0940
N/A
2022-10-27< 5.0.4
ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.0.3 - Missing Authorization to Information Exposure
Medium 6.8
2022-11-17< 5.1.8
CVE-2022-41791
Medium 6.1
2022-11-15< 5.1.1
WordPress ProfileGrid plugin <= 5.1.0 - Reflected Cross-Site Scripting (XSS) vulnerability
N/A
2017-11-27< 2.6.7
WordPress ProfileGrid Plugin <= 2.6.6 - Reflected Cross Site Scripting
N/A
2018-06-05< 2.8.6
WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 2.8.5 - Authenticated Code Execution vulnerability
High 8.8
2019-09-03< 2.8.6
CVE-2019-15873
Medium 5.4
2022-01-18< 4.7.7
CVE-2022-0233