ProfileGrid WordPress Plugin Missing Authorization Vulnerability Allows Arbitrary User Suspension

Vulnerability

A vulnerability exists in the ProfileGrid – User Profiles, Groups and Communities plugin for WordPress, in versions through 5.9.7.2. The pm_deactivate_user_from_group() function performs no proper capability check, so any authenticated user with Subscriber-level access or above can suspend any user, including administrators, from groups. The function is reachable through the pm_deactivate_user_from_group AJAX action.
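The defect described above is a missing authorization check in an AJAX callback: registering a handler under the wp_ajax_ hook proves only that the caller is logged in, not that they may act on another user. The following is an added illustration, not the ProfileGrid plugin's code; the handler bodies, the example_suspend_user_from_group() helper, the nonce action name and the required capability are assumptions, and only the AJAX action name comes from the advisory.

```php
<?php
// Illustrative example (not the plugin's code). The helper and option names are
// hypothetical; only the AJAX action name comes from the advisory.

// Pattern that reproduces the advisory's bug class: the callback trusts any
// authenticated user. A Subscriber can post arbitrary user_id/group_id values.
function example_vulnerable_deactivate_user_from_group() {
    $user_id  = isset( $_POST['user_id'] ) ? absint( $_POST['user_id'] ) : 0;
    $group_id = isset( $_POST['group_id'] ) ? absint( $_POST['group_id'] ) : 0;

    example_suspend_user_from_group( $user_id, $group_id ); // hypothetical helper
    wp_send_json_success();
}

// Hardened pattern: a nonce ties the request to a page this site served (CSRF),
// and a capability check ties the action to a role that may manage memberships.
function example_hardened_deactivate_user_from_group() {
    // Assumed nonce action/field names; the matching nonce is created with
    // wp_create_nonce( 'example_group_admin' ) on the admin page that issues it.
    check_ajax_referer( 'example_group_admin', 'nonce' );

    // 'manage_options' is an assumption; a plugin would normally map this to a
    // narrower custom capability granted only to group managers.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    $user_id  = isset( $_POST['user_id'] ) ? absint( $_POST['user_id'] ) : 0;
    $group_id = isset( $_POST['group_id'] ) ? absint( $_POST['group_id'] ) : 0;

    if ( ! $user_id || ! $group_id || ! get_userdata( $user_id ) ) {
        wp_send_json_error( array( 'message' => 'Invalid user or group.' ), 400 );
    }

    example_suspend_user_from_group( $user_id, $group_id ); // hypothetical helper
    wp_send_json_success( array( 'user_id' => $user_id, 'group_id' => $group_id ) );
}

// Only the hardened callback is hooked; the vulnerable one is shown for contrast.
add_action( 'wp_ajax_pm_deactivate_user_from_group', 'example_hardened_deactivate_user_from_group' );
```

For detection, a site's access logs can be reviewed for POSTs to admin-ajax.php with action=pm_deactivate_user_from_group from accounts that hold no administrative role.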

Impact

Exploitation of this vulnerability allows for unauthorized suspension of users from groups, potentially disrupting their access or roles, especially if the suspended user is an administrator.

Remediation

Users can update to version 5.9.7.3 or a newer patched version to address this vulnerability.

Added: Feb 5, 2026, 9:56 AM
Updated: Feb 5, 2026, 3:33 PM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 2.5
exploitability: 6.1
remediation: 7.7
relevance: 2.8
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.