Cross-site Scripting Vulnerability in ProfileGrid by Metagauss
CVE-2026-25417
6.5MEDIUM
What is CVE-2026-25417?
A Cross-site Scripting (XSS) vulnerability exists in the ProfileGrid plugin by Metagauss, enabling attackers to inject malicious scripts. This can lead to the storage of harmful scripts, which may be executed in the browsers of unsuspecting users when they visit compromised pages. Affected versions of ProfileGrid include any release prior to the updated version 5.9.8.1. As a result, it is crucial for users to upgrade to secure their applications against potential threats.
Affected Version(s)
ProfileGrid 0 <= 5.9.8.1