Vulnerabilities

CVE-2026-2494 - ProfileGrid <= 5.9.8.2 - cross-site request forgery to group membership request a...

2026-03-07 0 views admin

CVE ID :CVE-2026-2494 Published : March 7, 2026, 2:16 a.m. | 1 hour, 10 minutes ago Description :The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.8.2. This is due to missing nonce validation on the membership request management page (approve and decline actions). This makes it possible for unauthenticated attackers to approve or deny group membership requests via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Severity: 4.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-2494

Severity

MEDIUM

Published

March 7, 2026

Affected Product: WordPress

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-2494mediumwordpress

CVE-2026-2494 - ProfileGrid <= 5.9.8.2 - cross-site request forgery to group membership request a...

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-14353 - ZIP Code Based Content Protection <= 1.0.2 - unauthenticated sql injection via '...

CVE-2026-1902 - Hammas Calendar <= 1.5.11 - authenticated (contributor+) stored cross-site script...

CVE-2026-1650 - MDJM Event Management <= 1.7.8.1 - missing authorization to unauthenticated arbit...

CVE-2026-2429 - Community Events <= 1.5.8 - authenticated (administrator+) sql injection via 'ce_...

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting