Tag
critical
threat
CVE-2026-6271: WordPress Career Section Plugin Arbitrary File Upload Vulnerability
2 rules, 1 CVE
The Career Section plugin for WordPress is vulnerable to arbitrary file upload in versions up to 1.7 due to missing file type validation in the CV upload handler, potentially leading to remote code execution.
Career Section plugin
arbitrary file upload
remote code execution
wordpress plugin
high
advisory
CVE-2026-4609: ProfileGrid WordPress Plugin Authentication Bypass Vulnerability
1 rule, 1 TTP, 1 CVE
The ProfileGrid WordPress plugin versions up to 5.9.8.4 contain an authentication bypass vulnerability (CVE-2026-4609) that allows authenticated users with subscriber-level privileges to add themselves or others to arbitrary groups, including paid groups, without proper authorization, leading to privilege escalation and potential financial impact.
ProfileGrid – User Profiles, Groups and Communities plugin for WordPress <= 5.9.8.4
authentication bypass
wordpress plugin
privilege escalation
cve-2026-4609