{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-4609/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.1,"id":"CVE-2026-4609"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["ProfileGrid – User Profiles, Groups and Communities plugin for WordPress \u003c= 5.9.8.4"],"_cs_severities":["high"],"_cs_tags":["authentication bypass","wordpress plugin","privilege escalation","cve-2026-4609"],"_cs_type":"advisory","_cs_vendors":["Wordpress"],"content_html":"\u003cp\u003eCVE-2026-4609 affects the ProfileGrid – User Profiles, Groups and Communities plugin for WordPress. The vulnerability stems from a missing capability check on the \u003ccode\u003epm_invite_user\u003c/code\u003e function in versions up to and including 5.9.8.4. This oversight enables authenticated attackers, possessing subscriber-level access or higher, to bypass authorization mechanisms and payment gateways. Attackers can exploit this vulnerability to add themselves or any registered user to any ProfileGrid group, including those that are closed or require payment for access. 
This issue was reported on May 13, 2026, and poses a significant risk to websites using the vulnerable plugin, because any account the site will issue (including a self-registered subscriber) is enough to reach closed or paid group content.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker obtains an account on the WordPress site; with open registration this is a self-registered subscriber, otherwise any existing low-privilege account suffices.\u003c/li\u003e\n\u003cli\u003eThe attacker sends an authenticated HTTP request that invokes the ProfileGrid \u003ccode\u003epm_invite_user\u003c/code\u003e function, with parameters naming the target group and the user to add (the attacker or any other registered user).\u003c/li\u003e\n\u003cli\u003eBecause the function performs no capability check, it never verifies that the caller is an administrator or otherwise entitled to manage the group, and the request is processed as if it came from a privileged user.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003epm_invite_user\u003c/code\u003e adds the specified user to the targeted group regardless of whether the group is open, closed, or paid.\u003c/li\u003e\n\u003cli\u003eIf the group is paid, the attacker gains its content and features without going through the payment flow.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the membership to reach whatever the site restricts to that group; any further impact (data exposure, member-only actions) depends on what the site exposes to group members.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-4609 allows subscriber-level attackers to bypass authorization and payment gates, potentially affecting all ProfileGrid groups, including closed and paid ones. 
This can lead to unauthorized access to premium content and features. Exposure scales with the number of sites running version 5.9.8.4 or earlier and, on each site, with how easily an attacker can obtain an account (open registration makes the precondition trivial). The impacted sectors are broad, as WordPress is used by organizations of every kind. The direct financial impact is lost revenue from bypassed payment gates; the primitive is group membership, so disclosure of content intended for closed groups is the expected data impact, and anything beyond that depends on what the site exposes to group members.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the ProfileGrid – User Profiles, Groups and Communities plugin for WordPress to the latest version, which includes a fix for CVE-2026-4609, and confirm that the installed version is newer than 5.9.8.4.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect ProfileGrid Unauthorized Group Invitation\u0026rdquo; to detect exploitation attempts targeting the vulnerable \u003ccode\u003epm_invite_user\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eAudit current ProfileGrid group memberships, especially for closed and paid groups, for users added without a corresponding payment or approval.\u003c/li\u003e\n\u003cli\u003eReview WordPress user roles and permissions, and disable open user registration if the site does not need it, since the attack requires only a subscriber-level account.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-13T15:52:17Z","date_published":"2026-05-13T15:52:17Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-4609-profilegrid-auth-bypass/","summary":"The ProfileGrid WordPress plugin versions up to and including 5.9.8.4 contain an authorization bypass (CVE-2026-4609): a missing capability check on pm_invite_user lets any authenticated user with subscriber-level privileges add themselves or others to arbitrary groups, including closed and paid groups, without authorization, leading to unauthorized access to gated content and potential financial impact.","title":"CVE-2026-4609: ProfileGrid WordPress Plugin Authorization Bypass Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-4609-profilegrid-auth-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-4609","version":"https://jsonfeed.org/version/1.1"}
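The missing capability check behind the attack chain above, as an added illustration in WordPress plugin PHP. This is not ProfileGrid code and does not reproduce the plugin's real handler: the `wp_ajax_*` hook names, the `group_id`/`user_id` parameters, the `example_*` helpers, the `example_group` post type and the meta keys are all assumptions made for this example. The first handler shows the bug class (a `wp_ajax_*` action runs for any logged-in user, subscribers included, so a handler that omits `current_user_can()` trusts whoever reaches it); the second shows the nonce, input, authorization and paid-group checks a fixed handler needs.

```php
<?php
// Added example, not ProfileGrid code. Hook names, parameter names, the
// example_* helpers, the post type and the meta keys are assumptions made
// for illustration. Group membership is modelled as user meta, group
// settings as post meta on a hypothetical 'example_group' post type.

function example_add_user_to_group($user_id, $group_id) {
    // Idempotent: a user is listed at most once per group.
    $groups = get_user_meta($user_id, '_example_groups', true);
    if (!is_array($groups)) {
        $groups = array();
    }
    if (!in_array((int) $group_id, $groups, true)) {
        $groups[] = (int) $group_id;
        update_user_meta($user_id, '_example_groups', $groups);
    }
}

function example_user_manages_group($user_id, $group_id) {
    // Assumed storage: the group's manager id lives in post meta.
    return (int) get_post_meta($group_id, '_example_group_manager', true) === (int) $user_id;
}

function example_group_requires_payment($group_id) {
    // Assumed storage: a truthy flag marks paid groups.
    return (bool) get_post_meta($group_id, '_example_group_paid', true);
}

// --- Vulnerable pattern: the bug class behind CVE-2026-4609. ---
// wp_ajax_* handlers run for any authenticated user, so without a capability
// check a subscriber can add any user to any group.
add_action('wp_ajax_example_invite_user', 'example_invite_user_vulnerable');
function example_invite_user_vulnerable() {
    $group_id = isset($_POST['group_id']) ? (int) $_POST['group_id'] : 0;
    $user_id  = isset($_POST['user_id']) ? (int) $_POST['user_id'] : 0;
    // No nonce check, no current_user_can(), no group-ownership check and no
    // closed/paid check: the caller's role is never consulted.
    example_add_user_to_group($user_id, $group_id);
    wp_send_json_success();
}

// --- Hardened pattern: the checks a fix needs to perform. ---
add_action('wp_ajax_example_invite_user_fixed', 'example_invite_user_fixed');
function example_invite_user_fixed() {
    // 1. CSRF: require a nonce issued for this action; dies with 403 on failure.
    check_ajax_referer('example_invite_user', 'security');

    // 2. Input: both ids must be positive, the invitee must exist and the
    //    target must be a group post, not an arbitrary post id.
    $group_id = isset($_POST['group_id']) ? absint($_POST['group_id']) : 0;
    $user_id  = isset($_POST['user_id']) ? absint($_POST['user_id']) : 0;
    if (!$group_id || !$user_id || !get_userdata($user_id)
        || get_post_type($group_id) !== 'example_group') {
        wp_send_json_error('invalid parameters', 400);
    }

    // 3. Authorization: only a site administrator or this group's manager may
    //    invite. Denied attempts are logged so a SIEM rule can pick them up.
    $caller   = get_current_user_id();
    $is_admin = current_user_can('manage_options');
    if (!$is_admin && !example_user_manages_group($caller, $group_id)) {
        error_log(sprintf('example_invite_user: denied user %d -> group %d', $caller, $group_id));
        wp_send_json_error('forbidden', 403);
    }

    // 4. Business rule: paid groups are joined through the payment flow; only
    //    an administrator may bypass it by inviting directly.
    if (!$is_admin && example_group_requires_payment($group_id)) {
        wp_send_json_error('group requires payment', 403);
    }

    example_add_user_to_group($user_id, $group_id);
    wp_send_json_success(array('group_id' => $group_id, 'user_id' => $user_id));
}
```

The client side of the fixed handler must send the nonce produced by `wp_create_nonce('example_invite_user')` in the `security` field; the point of the example is that the nonce alone is not the fix, since a subscriber can obtain a valid nonce for their own session. The capability or group-manager check in step 3 is what closes the authorization gap this advisory describes.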