logo

Critical Privilege Escalation Vulnerability in ProfileGrid Plugin for WordPress

ID: 7ad3a1e1-0c72-5a3b-a4ce-6f41e40a99e4

STIX ID: report--7ad3a1e1-0c72-5a3b-a4ce-6f41e40a99e4

Feed Name: ThreatCluster

Threat Score
85/100

Date Published: 2026-06-30

Date Updated: 2026-07-02

...
...

ProfileGrid (<= 5.9.9.5) for WordPress contains a critical privilege escalation flaw allowing unauthenticated attackers to change the admin email and reset the administrator password, resulting in full admin account takeover (CVSS 9.8). Administrators should update or disable the plugin immediately; no public proof-of-concept or active exploitation has been reported as of publication (June 30, 2026).

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.