Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

ProfileGrid – User Profiles, Groups and Communities — Vulnerabilities & Security Advisories 20

All 20 CVE vulnerabilities found in ProfileGrid – User Profiles, Groups and Communities, with AI-generated Chinese analysis, references, and POCs.

Vendor: metagauss

CVE IDTitleCVSSSeverityPublished
CVE-2026-2488 ProfileGrid <= 5.9.8.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion CWE-862 4.3 Medium2026-03-07
CVE-2026-2494 ProfileGrid <= 5.9.8.2 - Cross-Site Request Forgery to Group Membership Request Approval/Denial CWE-352 4.3 Medium2026-03-07
CVE-2026-1271 ProfileGrid <= 5.9.7.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Profile and Cover Image Modification CWE-639 5.3 Medium2026-02-05
CVE-2025-13416 ProfileGrid – User Profiles, Groups and Communities <= 5.9.7.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Suspension CWE-862 4.3 Medium2026-02-05
CVE-2025-6977 ProfileGrid – User Profiles, Groups and Communities <= 5.9.5.4 - Reflected Cross-Site Scripting via 'pm_get_messenger_notification' function CWE-79 6.1 Medium2025-07-16
CVE-2025-1408 ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.4 - Missing Authorinzation to Authenticated (Subscriber+) Join Group Requests Management CWE-862 4.3 Medium2025-03-22
CVE-2025-0724 ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.5 - Authenticated (Subscriber+) PHP Object Injection CWE-502 8.8 High2025-03-22
CVE-2025-0723 ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.7 - Authenticated (Subscriber+) SQL Injection CWE-89 6.5 Medium2025-03-22
CVE-2024-13740 ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Private Messages Disclosure CWE-639 4.3 Medium2025-02-18
CVE-2024-13741 ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.2 - Authenticated (Subscriber+) Limited Server-Side Request Forgery CWE-918 5.4 Medium2025-02-18
CVE-2024-10900 ProfileGrid – User Profiles, Groups and Communities <= 5.9.3.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Meta Deletion CWE-862 6.5 Medium2024-11-20
CVE-2024-8861 ProfileGrid – User Profiles, Groups and Communities <= 5.9.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CWE-79 6.4 Medium2024-09-26
CVE-2024-6410 ProfileGrid <= 5.8.9 - Authenticated (Subscriber+) Insecure Direct Object Reference CWE-639 4.3 Medium2024-07-10
CVE-2024-6411 ProfileGrid – User Profiles, Groups and Communities <= 5.8.9 - Authenticated (Subscriber+) Authorization Bypass to Privilege Escalation CWE-269 8.8 High2024-07-10
CVE-2024-5453 ProfileGrid <= 5.8.6 - Missing Authorization CWE-862 4.3 Medium2024-06-05
CVE-2024-3606 ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.8.3 - Missing Authorization CWE-862 4.3 Medium2024-05-02
CVE-2023-3404 ProfileGrid <= 5.5.0 - Hardcoded Encryption Key CWE-321 4.9 Medium2023-08-31
CVE-2023-3714 ProfileGrid <= 5.5.2 - Missing Authorization to Arbitrary Group Option Modification and Privilege Escalation CWE-862 7.5 High2023-07-18
CVE-2023-3403 ProfileGrid <= 5.5.1 - Missing Authorization to User Import CWE-862 5.4 Medium2023-07-18
CVE-2023-3713 ProfileGrid <= 5.5.1 - Authenticated (Subscriber+) Arbitrary Option Update CWE-862 8.8 High2023-07-18

All 20 known CVE vulnerabilities affecting ProfileGrid – User Profiles, Groups and Communities with full Chinese analysis, references, and POCs where available.