| CVE-2026-25456 | WordPress Automated FedEx live/manual rates with shipping labels plugin <= 5.1.9 - Broken Access Control vulnerability | Aarsiv Groups | Automated FedEx live/manual rates with shipping labels | High | 7.3 | 2026-03-25 16:14:51 | Deep Dive |
| CVE-2026-2494 | ProfileGrid <= 5.9.8.2 - Cross-Site Request Forgery to Group Membership Request Approval/Denial | metagauss | ProfileGrid – User Profiles, Groups and Communities | Medium | 4.3 | 2026-03-07 01:21:22 | Deep Dive |
| CVE-2026-2488 | ProfileGrid <= 5.9.8.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion | metagauss | ProfileGrid – User Profiles, Groups and Communities | Medium | 4.3 | 2026-03-07 01:21:22 | Deep Dive |
| CVE-2026-0549 | Groups <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'groups_group_info' Shortcode | itthinx | Groups | Medium | 6.4 | 2026-02-19 04:36:16 | Deep Dive |
| CVE-2026-1271 | ProfileGrid <= 5.9.7.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Profile and Cover Image Modification | metagauss | ProfileGrid – User Profiles, Groups and Communities | Medium | 5.3 | 2026-02-05 09:13:45 | Deep Dive |
| CVE-2025-13416 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.7.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Suspension | metagauss | ProfileGrid – User Profiles, Groups and Communities | Medium | 4.3 | 2026-02-05 08:25:44 | Deep Dive |
| CVE-2025-11748 | Groups <= 3.7.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Group Join | itthinx | Groups | Medium | 4.3 | 2025-11-08 03:27:49 | Deep Dive |
| CVE-2025-42923 | Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App (F4044 Manage Work Center Groups) | SAP_SE | SAP Fiori App (F4044 Manage Work Center Groups) | Medium | 4.3 | 2025-09-09 02:09:48 | Deep Dive |
| CVE-2025-49035 | WordPress Admin Menu Groups plugin <= 0.1.2 - Cross Site Scripting (XSS) vulnerability | chaimchaikin | Admin Menu Groups | Medium | 5.9 | 2025-08-27 03:26:17 | Deep Dive |
| CVE-2025-6977 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.5.4 - Reflected Cross-Site Scripting via 'pm_get_messenger_notification' function | metagauss | ProfileGrid – User Profiles, Groups and Communities | Medium | 6.1 | 2025-07-16 04:24:03 | Deep Dive |
| CVE-2024-9017 | PeepSo Core: Groups <= 6.4.6.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Group Description | PeepSo | PeepSo Core: Groups | Medium | 6.4 | 2025-07-03 06:44:25 | Deep Dive |
| CVE-2025-0724 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.5 - Authenticated (Subscriber+) PHP Object Injection | metagauss | ProfileGrid – User Profiles, Groups and Communities | High | 8.8 | 2025-03-22 04:22:06 | Deep Dive |
| CVE-2025-1408 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.4 - Missing Authorization to Authenticated (Subscriber+) Join Group Requests Management | metagauss | ProfileGrid – User Profiles, Groups and Communities | Medium | 4.3 | 2025-03-22 04:22:06 | Deep Dive |
| CVE-2025-0723 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.7 - Authenticated (Subscriber+) SQL Injection | metagauss | ProfileGrid – User Profiles, Groups and Communities | Medium | 6.5 | 2025-03-22 04:22:05 | Deep Dive |
| CVE-2024-13740 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Private Messages Disclosure | metagauss | ProfileGrid – User Profiles, Groups and Communities | Medium | 4.3 | 2025-02-18 02:06:01 | Deep Dive |
| CVE-2024-13741 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.2 - Authenticated (Subscriber+) Limited Server-Side Request Forgery | metagauss | ProfileGrid – User Profiles, Groups and Communities | Medium | 5.4 | 2025-02-18 01:44:01 | Deep Dive |
| CVE-2025-24538 | WordPress BuddyPress Groups Extras plugin <= 3.6.10 - Cross Site Request Forgery (CSRF) vulnerability | Slava Abakumov | BuddyPress Groups Extras | Medium | 5.4 | 2025-01-27 14:22:15 | Deep Dive |
| CVE-2025-23730 | WordPress FLX Dashboard Groups plugin <= 0.0.7 - Reflected Cross Site Scripting (XSS) vulnerability | flx0 | FLX Dashboard Groups | High | 7.1 | 2025-01-23 15:29:42 | Deep Dive |
| CVE-2025-22735 | WordPress Tag Cloud Plugin - Tag Groups plugin <= 2.0.4 - Reflected Cross Site Scripting (XSS) vulnerability | Steve Burge | WordPress Tag Cloud Plugin – Tag Groups | High | 7.1 | 2025-01-21 13:40:35 | Deep Dive |
| CVE-2024-10900 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.3.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Meta Deletion | metagauss | ProfileGrid – User Profiles, Groups and Communities | Medium | 6.5 | 2024-11-20 06:42:54 | Deep Dive |