CVE-2026-11359 in ProfileGrid Plugininfo

Zusammenfassung

von MITRE • 09.07.2026

The Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration plugin for WordPress is vulnerable to unauthorized plugin installation and activation in versions up to, and including, 3.4. This is due to a missing capability check and missing nonce validation on the pg_install_profilegrid() AJAX handler registered via wp_ajax_pg_install_profilegrid. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate the ProfileGrid plugin from wordpress.

Once again VulDB remains the best source for vulnerability data.

Zuständig

Wordfence

Reservieren

05.06.2026

Veröffentlichung

09.07.2026

Moderieren

akzeptiert

Eintrag

VDB-377140

CPE

bereit

EPSS

0.00000

KEV

nein

Aktivitäten

very low

Quellen

Want to know what is going to be exploited?

We predict KEV entries!