Cross Site Request Forgery Vulnerability in ProfileGrid by ProfileGrid
CVE-2026-57759

8.8HIGH

Key Information:

Vendor

WordPress

Vendor
CVE Published:
2 July 2026

What is CVE-2026-57759?

An unauthenticated Cross Site Request Forgery (CSRF) vulnerability exists in ProfileGrid versions 5.9.9.7 and below. This flaw allows attackers to exploit the system by tricking users into executing unwanted actions on their accounts, which could lead to unauthorized account access and potentially compromise user data. It's crucial for users of ProfileGrid to consider implementing security measures to safeguard against CSRF attacks and ensure the integrity of their profiles.

Affected Version(s)

ProfileGrid <= 5.9.9.7

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

dodoh4t | Patchstack Bug Bounty Program
.