Profilegrid

This hub aggregates every CVE we track for Profilegrid, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Web & CMS Pluginson-premweb app

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

MEDIUM30HIGH14CRITICAL1

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting Profilegrid.

CVE-2026-25417WordPress ProfileGrid plugin <= 5.9.8.1 - Cross Site Scripting (XSS) vulnerability6.5Mar 25, 2026
CVE-2025-4957WordPress ProfileGrid plugin <= 5.9.5.7 - Reflected Cross Site Scripting (XSS) vulnerability7.1Sep 26, 2025
CVE-2025-49033WordPress ProfileGrid plugin <= 5.9.5.3 - SQL Injection vulnerability8.5Aug 14, 2025
CVE-2025-49876WordPress ProfileGrid plugin <= 5.9.5.2 - SQL Injection vulnerability8.5Jul 16, 2025
CVE-2025-6977ProfileGrid – User Profiles, Groups and Communities <= 5.9.5.4 - Reflected Cross-Site Scripting via 'pm_get_messenger_notification' function6.1Jul 16, 2025
CVE-2025-52719WordPress ProfileGrid plugin <= 5.9.5.2 - Full Path Disclosure (FPD) Vulnerability4.3Jun 20, 2025
CVE-2025-49877WordPress ProfileGrid plugin <= 5.9.5.2 - Server Side Request Forgery (SSRF) Vulnerability4.9Jun 17, 2025
CVE-2025-47478WordPress ProfileGrid plugin <= 5.9.5.0 - SQL Injection Vulnerability8.5May 23, 2025
CVE-2025-48079WordPress ProfileGrid plugin <= 5.9.5.1 - Broken Access Control Vulnerability4.3May 16, 2025
CVE-2025-39586WordPress ProfileGrid plugin <= 5.9.4.8 - SQL Injection Vulnerability8.5Apr 17, 2025
CVE-2025-0724ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.5 - Authenticated (Subscriber+) PHP Object Injection8.8Mar 22, 2025
CVE-2025-1408ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.4 - Missing Authorinzation to Authenticated (Subscriber+) Join Group Requests Management4.3Mar 22, 2025
CVE-2025-0723ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.7 - Authenticated (Subscriber+) SQL Injection6.5Mar 22, 2025
CVE-2025-26999WordPress ProfileGrid Plugin <= 5.9.4.3 - PHP Object Injection vulnerability8.8Mar 3, 2025
CVE-2024-13740ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Private Messages Disclosure4.3Feb 18, 2025

Product normalization is registry-driven with AI assist and human review. How it works