Profilegrid – user profiles, groups and communities

This hub aggregates every CVE we track for Profilegrid – user profiles, groups and communities, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.

Enterprise Softwareon-premweb app

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

MEDIUM18HIGH5

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting Profilegrid – user profiles, groups and communities.

CVE-2026-4607ProfileGrid <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Group Settings Modification4.3May 13, 2026
CVE-2026-4609ProfileGrid <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Group Joining7.1May 13, 2026
CVE-2026-4608ProfileGrid <= 5.9.8.4 - Authenticated (Subscriber+) SQL Injection via 'rid' Parameter6.5May 13, 2026
CVE-2026-2494ProfileGrid <= 5.9.8.2 - Cross-Site Request Forgery to Group Membership Request Approval/Denial4.3Mar 7, 2026
CVE-2026-2488ProfileGrid <= 5.9.8.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion4.3Mar 7, 2026
CVE-2026-1271ProfileGrid <= 5.9.7.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Profile and Cover Image Modification5.3Feb 5, 2026
CVE-2025-13416ProfileGrid – User Profiles, Groups and Communities <= 5.9.7.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Suspension4.3Feb 5, 2026
CVE-2025-6977ProfileGrid – User Profiles, Groups and Communities <= 5.9.5.4 - Reflected Cross-Site Scripting via 'pm_get_messenger_notification' function6.1Jul 16, 2025
CVE-2025-0724ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.5 - Authenticated (Subscriber+) PHP Object Injection8.8Mar 22, 2025
CVE-2025-1408ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.4 - Missing Authorinzation to Authenticated (Subscriber+) Join Group Requests Management4.3Mar 22, 2025
CVE-2025-0723ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.7 - Authenticated (Subscriber+) SQL Injection6.5Mar 22, 2025
CVE-2024-13740ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Private Messages Disclosure4.3Feb 18, 2025
CVE-2024-13741ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.2 - Authenticated (Subscriber+) Limited Server-Side Request Forgery5.4Feb 18, 2025
CVE-2024-10900ProfileGrid – User Profiles, Groups and Communities <= 5.9.3.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Meta Deletion6.5Nov 20, 2024
CVE-2024-8861ProfileGrid – User Profiles, Groups and Communities <= 5.9.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting6.4Sep 26, 2024

Product normalization is registry-driven with AI assist and human review. How it works