CVE-2026-2494

Name of the Vulnerable Software and Affected Versions ProfileGrid – User Profiles, Groups and Communities plugin for WordPress versions up to and including 5.9.8.2

Description The ProfileGrid plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF). This is a result of a lack of nonce validation on the membership request management page, specifically during approve and decline actions. An unauthenticated attacker can potentially approve or deny group membership requests by tricking a site administrator into performing an action, such as clicking a malicious link. The affected functionality involves the processing of membership requests.

Recommendations Update ProfileGrid – User Profiles, Groups and Communities plugin for WordPress to a version later than 5.9.8.2.