Tag
The ProfileGrid WordPress plugin versions up to 5.9.8.4 contain an authentication bypass vulnerability (CVE-2026-4609) that allows authenticated users with subscriber-level privileges to add themselves or others to arbitrary groups, including paid groups, without proper authorization, leading to privilege escalation and potential financial impact.