PT-2026-40610 · WordPress · Profilegrid

Jonah Burgess · Published 2026-05-13 · Updated 2026-05-13 · CVE-2026-4608

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: ProfileGrid versions prior to 5.9.8.5

Description: The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress contains a blind SQL injection flaw. The issue arises because user-supplied parameters are insufficiently escaped and the SQL query is not properly prepared. Authenticated attackers with Subscriber-level access or higher can append additional SQL queries via the rid parameter to extract sensitive information from the database.

Recommendations: Update the plugin to a version later than 5.9.8.4. As a temporary workaround, restrict access to the rid parameter to minimize the risk of exploitation.
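The weak pattern the advisory describes (escaping without query preparation) next to the prepared-statement form WordPress developers should use, as an added illustration that is not ProfileGrid's code; the table name, function names and nonce action are hypothetical:

```php
<?php
// Added illustration, not the plugin's code. Table, function and nonce names are hypothetical.

// Weak pattern: the request value reaches the query with escaping only.
// esc_sql() neutralises quotes, but in an unquoted numeric position nothing
// stops extra SQL from being appended, which is the flaw class described above.
function hypothetical_get_group_weak( $rid ) {
    global $wpdb;
    $table = $wpdb->prefix . 'hypothetical_groups';
    $sql   = "SELECT id, name FROM {$table} WHERE id = " . esc_sql( $rid );
    return $wpdb->get_row( $sql );
}

// Hardened form: coerce to the expected type, then bind with $wpdb->prepare()
// so the value can only ever be a literal, never part of the query text.
function hypothetical_get_group_safe( $rid ) {
    global $wpdb;
    $table = $wpdb->prefix . 'hypothetical_groups';
    $rid   = absint( $rid );             // non-numeric input collapses to 0
    if ( 0 === $rid ) {
        return null;                     // reject rather than query with a bogus id
    }
    $sql = $wpdb->prepare(
        "SELECT id, name FROM {$table} WHERE id = %d",
        $rid
    );
    return $wpdb->get_row( $sql );
}

// Handler sketch: the advisory notes any logged-in user can reach the query,
// so also gate the endpoint with a login check and a nonce before it runs.
function hypothetical_handle_request() {
    if ( ! is_user_logged_in()
        || false === check_ajax_referer( 'hypothetical_nonce', 'nonce', false ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $rid = isset( $_REQUEST['rid'] ) ? wp_unslash( $_REQUEST['rid'] ) : 0;
    wp_send_json_success( hypothetical_get_group_safe( $rid ) );
}
```

When auditing a plugin for this class of bug, look for `$wpdb->get_*()` or `$wpdb->query()` calls whose SQL string is built by concatenation or interpolation without a surrounding `$wpdb->prepare()`.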

Fix

Weakness Enumeration: SQL injection

Related Identifiers: CVE-2026-4608

Affected Products: Profilegrid