ProfileGrid
Metagauss
Developer
5.9.8.5
Latest version
6,000
Installations
No date
Last updated
Vulnerability history
0 present
50 patched
25 Mitigation rules
- Cross Site Scripting (XSS) vulnerability<= 5.9.8.123/03/2026
- Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion vulnerability<= 5.9.8.107/03/2026
- Cross-Site Request Forgery to Group Membership Request Approval/Denial vulnerability<= 5.9.8.207/03/2026
- Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Profile and Cover Image Modification vulnerability<= 5.9.7.204/02/2026
- WordPress ProfileGrid - User Profiles, Groups and Communities plugin <= 5.9.7.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Suspension vulnerability<= 5.9.7.204/02/2026
- Missing Authorinzation to Authenticated (Subscriber+) Join Group Requests Management vulnerability<= 5.9.4.431/12/2025
- Authenticated (Subscriber+) PHP Object Injection vulnerability<= 5.9.4.531/12/2025
- Reflected Cross Site Scripting (XSS) vulnerability<= 5.9.5.701/09/2025
- SQL Injection vulnerability<= 5.9.5.324/07/2025
- Reflected Cross-Site Scripting via 'pm_get_messenger_notification' function vulnerability<= 5.9.5.416/07/2025
- SQL Injection vulnerability<= 5.9.5.210/07/2025
- Full Path Disclosure (FPD) Vulnerability<= 5.9.5.219/06/2025
- Server Side Request Forgery (SSRF) Vulnerability<= 5.9.5.212/06/2025
- Broken Access Control Vulnerability<= 5.9.5.116/05/2025
- SQL Injection Vulnerability<= 5.9.5.012/05/2025
- SQL Injection Vulnerability<= 5.9.4.817/04/2025
- Authenticated (Subscriber+) SQL Injection vulnerability<= 5.9.4.721/03/2025
- PHP Object Injection vulnerability<= 5.9.4.323/02/2025
- Insecure Direct Object Reference to Authenticated (Subscriber+) Private Messages Disclosure vulnerability<= 5.9.4.217/02/2025
- Authenticated (Subscriber+) Limited Server-Side Request Forgery vulnerability<= 5.9.4.217/02/2025
- Missing Authorization to Authenticated (Subscriber+) Arbitrary User Meta Deletion vulnerability<= 5.9.3.619/11/2024
- Cross Site Request Forgery (CSRF) vulnerability<= 5.9.314/10/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 5.9.3.226/09/2024
- Authenticated (Subscriber+) Insecure Direct Object Reference vulnerability<= 5.8.910/07/2024
- Authenticated Privilege Escalation vulnerability<= 5.8.909/07/2024
- Broken Access Control vulnerability<= 5.8.701/07/2024
- Missing Authorization vulnerability<= 5.8.605/06/2024
- Insecure Direct Object Reference (IDOR) vulnerability<= 5.7.922/04/2024
- Group Members Limit Bypass vulnerability<= 5.8.222/04/2024
- Insecure Direct Object References (IDOR) vulnerability<= 5.7.922/04/2024
- Missing Authorization vulnerability<= 5.8.317/04/2024
- Cross Site Request Forgery (CSRF) vulnerability<= 5.7.808/04/2024
- IDOR on Friend Request vulnerability<= 5.7.605/04/2024
- Insecure Direct Object References (IDOR) vulnerability<= 5.7.228/03/2024
- SQL Injection vulnerability<= 5.7.828/03/2024
- SQL Injection vulnerability<= 5.7.828/03/2024
- Contributor+ SQL Injection vulnerability<= 5.7.126/03/2024
- Broken Access Control vulnerability<= 5.6.628/12/2023
- Cross Site Request Forgery (CSRF) vulnerability<= 5.7.107/11/2023
- Authenticated (Subscriber+) Arbitrary Option Update vulnerability<= 5.5.118/07/2023
- Hardcoded Encryption Key vulnerability<= 5.5.018/07/2023
- Missing Authorization to Arbitrary Group Option Modification and Privilege Escalation vulnerability<= 5.5.218/07/2023
- Missing Authorization to User Import vulnerability<= 5.5.118/07/2023
- Broken Access Control vulnerability<= 5.0.316/03/2023
- Subscriber+ Arbitrary Password Reset vulnerability< 5.3.102/03/2023
- Auth. CSV Injection vulnerability<= 5.1.617/11/2022
- Reflected Cross-Site Scripting (XSS) vulnerability<= 5.1.015/11/2022
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability<= 4.7.418/01/2022
- Authenticated Code Execution vulnerability<= 2.8.505/06/2018
- Reflected Cross Site Scripting<= 2.6.627/11/2017