Does ProfileGrid – User Profiles, Groups and Communities have any unpatched vulnerabilities?

No. All known vulnerabilities in ProfileGrid – User Profiles, Groups and Communities have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is ProfileGrid – User Profiles, Groups and Communities compatible with WordPress 6.9.4?

According to WordPress.org data, ProfileGrid – User Profiles, Groups and Communities 5.9.8.4 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is ProfileGrid – User Profiles, Groups and Communities compatible with PHP 7.4+?

ProfileGrid – User Profiles, Groups and Communities requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

What is ProfileGrid – User Profiles, Groups and Communities's security score?

ProfileGrid – User Profiles, Groups and Communities has a WP-Safety security score of 76/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

ProfileGrid – User Profiles, Groups and Communities Security & Risk Analysis

wordpress.org/plugins/profilegrid-user-profiles-groups-and-communities

Custom user profiles plugin ❤ with paid memberships, groups, communities, content restriction, user registration, messaging, WooCommerce memberships, …

6K active installs v5.9.8.4 PHP 7.4+ WP 3.5+ Updated Mar 12, 2026

communitymembershipprofileprofile-widgetuser-profile

B · Generally Safe

CVEs total48

Unpatched0

Last CVEMar 6, 2026

Plugin page Download

Safety Verdict

Is ProfileGrid – User Profiles, Groups and Communities Safe to Use in 2026?

Mostly Safe

Score 76/100

ProfileGrid – User Profiles, Groups and Communities is generally safe to use. 48 past CVEs were resolved. Keep it updated.

48 known CVEsLast CVE: Mar 6, 2026Updated 22d ago

Risk Assessment

The "profilegrid-user-profiles-groups-and-communities" plugin v5.9.8.4 presents a mixed security posture. While it demonstrates good practices in utilizing prepared statements for SQL queries and proper output escaping, a significant concern arises from its large attack surface, with 98 AJAX handlers lacking authentication checks. This creates a substantial entry point for attackers to exploit potential vulnerabilities. The presence of 6 high-severity taint flows with unsanitized paths further exacerbates this risk, indicating potential for code execution or data manipulation if these flows are triggered by malicious input.

The plugin's vulnerability history is extensive, with 48 known CVEs, including past critical and high-severity issues. Although there are currently no unpatched CVEs, the sheer volume and types of past vulnerabilities (SQL Injection, SSRF, Authorization Bypass, Deserialization) suggest a recurring pattern of security weaknesses that require careful monitoring. The plugin's tendency to have issues related to authorization and privilege management is particularly concerning given the large number of unprotected AJAX endpoints.

In conclusion, while the plugin employs some robust security mechanisms, the high number of unprotected AJAX endpoints and the history of severe vulnerabilities warrant caution. The critical risk lies in the potential for these unprotected endpoints to be leveraged to exploit weaknesses identified in past vulnerabilities or those indicated by the high-severity taint flows. Continued vigilance and prompt patching of any future vulnerabilities are essential.

Key Concerns

Large number of unprotected AJAX handlers
High severity taint flows with unsanitized paths
History of 48 known CVEs
History of 2 critical CVEs
History of 7 high severity CVEs

Vulnerabilities

ProfileGrid – User Profiles, Groups and Communities Security Vulnerabilities

CVEs by Year

1 CVE in 2018

2018

4 CVEs in 2022

2022

7 CVEs in 2023

2023

17 CVEs in 2024

2024

15 CVEs in 2025

2025

4 CVEs in 2026

2026

Patched Has unpatched

Severity Breakdown

Critical

High

Medium

48 total CVEs

CVE-2026-2488medium · 4.3Missing Authorization

ProfileGrid <= 5.9.8.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion

Mar 6, 2026 Patched in 5.9.8.2 (1d)

CVE-2026-2494medium · 4.3Cross-Site Request Forgery (CSRF)

ProfileGrid <= 5.9.8.2 - Cross-Site Request Forgery to Group Membership Request Approval/Denial

Mar 6, 2026 Patched in 5.9.8.3 (1d)

CVE-2026-1271medium · 5.3Authorization Bypass Through User-Controlled Key

ProfileGrid <= 5.9.7.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Profile and Cover Image Modification

Feb 4, 2026 Patched in 5.9.7.3 (1d)

CVE-2025-13416medium · 4.3Missing Authorization

ProfileGrid – User Profiles, Groups and Communities <= 5.9.7.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Suspension

Feb 4, 2026 Patched in 5.9.7.3 (1d)

CVE-2025-4957medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ProfileGrid – User Profiles, Groups and Communities <= 5.9.5.7 - Reflected Cross-Site Scripting

Sep 1, 2025 Patched in 5.9.5.8 (45d)

CVE-2025-49033medium · 6.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ProfileGrid <= 5.9.5.3 - Authenticated (Subscriber+) SQL Injection

Jul 24, 2025 Patched in 5.9.5.4 (5d)

CVE-2025-6977medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ProfileGrid – User Profiles, Groups and Communities <= 5.9.5.4 - Reflected Cross-Site Scripting via 'pm_get_messenger_notification' function

Jul 15, 2025 Patched in 5.9.5.5 (1d)

CVE-2025-49876medium · 6.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ProfileGrid <= 5.9.5.2 - Authenticated (Subscriber+) SQL Injection

Jul 10, 2025 Patched in 5.9.5.3 (7d)

CVE-2025-52719medium · 4.3Exposure of Sensitive Information to an Unauthorized Actor

ProfileGrid <= 5.9.5.2 - Authenticated (Subscriber+) Full Path Disclosure

Jun 19, 2025 Patched in 5.9.5.3 (7d)

CVE-2025-49877medium · 6.4Server-Side Request Forgery (SSRF)

ProfileGrid <= 5.9.5.2 - Authenticated (Subscriber+) Server-Side Request Forgery

Jun 12, 2025 Patched in 5.9.5.3 (7d)

CVE-2025-48079medium · 4.3Missing Authorization

ProfileGrid <= 5.9.5.1 - Missing Authorization

May 16, 2025 Patched in 5.9.5.2 (5d)

CVE-2025-47478medium · 6.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ProfileGrid <= 5.9.5.0 - Authenticated (Subscriber+) SQL Injection

May 12, 2025 Patched in 5.9.5.1 (9d)

CVE-2025-39586medium · 6.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ProfileGrid <= 5.9.4.8 - Authenticated (Subscriber+) SQL Injection

Apr 17, 2025 Patched in 5.9.4.9 (6d)

CVE-2025-0724high · 8.8Deserialization of Untrusted Data

ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.5 - Authenticated (Subscriber+) PHP Object Injection

Mar 21, 2025 Patched in 5.9.4.6 (1d)

CVE-2025-1408medium · 4.3Missing Authorization

ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.4 - Missing Authorinzation to Authenticated (Subscriber+) Join Group Requests Management

Mar 21, 2025 Patched in 5.9.4.5 (1d)

CVE-2025-0723medium · 6.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.7 - Authenticated (Subscriber+) SQL Injection

Mar 21, 2025 Patched in 5.9.4.8 (1d)

CVE-2025-26999high · 8.8Deserialization of Untrusted Data

ProfileGrid <= 5.9.4.3 - Authenticated (Subscriber+) PHP Object Injection

Feb 23, 2025 Patched in 5.9.4.4 (9d)

CVE-2024-13740medium · 4.3Authorization Bypass Through User-Controlled Key

ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Private Messages Disclosure

Feb 17, 2025 Patched in 5.9.4.3 (1d)

CVE-2024-13741medium · 5.4Server-Side Request Forgery (SSRF)

ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.2 - Authenticated (Subscriber+) Limited Server-Side Request Forgery

Feb 17, 2025 Patched in 5.9.4.3 (1d)

CVE-2024-10900medium · 6.5Missing Authorization

ProfileGrid – User Profiles, Groups and Communities <= 5.9.3.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Meta Deletion

Nov 19, 2024 Patched in 5.9.3.7 (1d)

CVE-2024-49273medium · 4.3Cross-Site Request Forgery (CSRF)

ProfileGrid <= 5.9.3 - Cross-Site Request Forgery

Oct 14, 2024 Patched in 5.9.3.1 (5d)

CVE-2024-8861medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ProfileGrid – User Profiles, Groups and Communities <= 5.9.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 25, 2024 Patched in 5.9.3.3 (1d)

CVE-2024-6410medium · 4.3Authorization Bypass Through User-Controlled Key

ProfileGrid <= 5.8.9 - Authenticated (Subscriber+) Insecure Direct Object Reference

Jul 9, 2024 Patched in 5.9.0 (1d)

CVE-2024-6411high · 8.8Improper Privilege Management

ProfileGrid – User Profiles, Groups and Communities <= 5.8.9 - Authenticated (Subscriber+) Authorization Bypass to Privilege Escalation

Jul 9, 2024 Patched in 5.9.0 (1d)

CVE-2024-37453medium · 5.4Missing Authorization

ProfileGrid <= 5.8.7 - Missing Authorization

Jul 1, 2024 Patched in 5.8.8 (9d)

CVE-2024-5453medium · 4.3Missing Authorization

ProfileGrid <= 5.8.6 - Missing Authorization

Jun 4, 2024 Patched in 5.8.7 (1d)

CVE-2024-30241medium · 6.4Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ProfileGrid <= 5.7.1 - Authenticated (Contributor+) SQL Injection

Apr 26, 2024 Patched in 5.7.2 (12d)

CVE-2024-32808medium · 4.3Authorization Bypass Through User-Controlled Key

ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.7.9 - Insecure Direct Object Reference

Apr 22, 2024 Patched in 5.8.0 (8d)

CVE-2024-32774medium · 5.3Improper Authorization

ProfileGrid <= 5.8.2 - Bypass Group Members Limit

Apr 22, 2024 Patched in 5.8.3 (8d)

CVE-2024-32772medium · 4.3Authorization Bypass Through User-Controlled Key

ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.7.9 - Insecure Direct Object Reference

Apr 22, 2024 Patched in 5.8.0 (11d)

CVE-2024-3606medium · 4.3Missing Authorization

ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.8.3 - Missing Authorization

Apr 16, 2024 Patched in 5.8.4 (17d)

CVE-2024-31362medium · 4.3Cross-Site Request Forgery (CSRF)

ProfileGrid <= 5.7.8 - Cross-Site Request Forgery

Apr 8, 2024 Patched in 5.7.9 (9d)

CVE-2024-31291medium · 4.3Authorization Bypass Through User-Controlled Key

ProfileGrid <= 5.7.6 - Authenticated (Subscriber+) Insecure Direct Object Reference

Apr 5, 2024 Patched in 5.7.7 (7d)

CVE-2024-30490critical · 10Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ProfileGrid <= 5.7.8 - Unauthenticated SQL Injection

Mar 28, 2024 Patched in 5.7.9 (7d)

CVE-2024-30491critical · 9.9Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ProfileGrid <= 5.7.8 - Authenticated (Subscriber+) SQL Injection

Mar 28, 2024 Patched in 5.7.9 (7d)

CVE-2024-30513medium · 4.3Authorization Bypass Through User-Controlled Key

ProfileGrid <= 5.7.2 - Authenticated (Subscriber+) Insecure Direct Object Reference

Mar 28, 2024 Patched in 5.7.3 (7d)

CVE-2023-52117medium · 4.3Missing Authorization

ProfileGrid <= 5.6.6 - Missing Authorization

Dec 28, 2023 Patched in 5.6.7 (26d)

CVE-2023-47644medium · 4.3Cross-Site Request Forgery (CSRF)

ProfileGrid <= 5.7.1 - Cross-Site Request Forgery

Nov 7, 2023 Patched in 5.7.2 (191d)

CVE-2023-3713high · 8.8Missing Authorization

ProfileGrid <= 5.5.1 - Authenticated (Subscriber+) Arbitrary Option Update

Jul 17, 2023 Patched in 5.5.2 (190d)

CVE-2023-3404medium · 4.9Use of Hard-coded Cryptographic Key

ProfileGrid <= 5.5.0 - Hardcoded Encryption Key

Jul 17, 2023 Patched in 5.5.1 (190d)

CVE-2023-3714high · 7.5Missing Authorization

ProfileGrid <= 5.5.2 - Missing Authorization to Arbitrary Group Option Modification and Privilege Escalation

Jul 17, 2023 Patched in 5.5.3 (190d)

CVE-2023-3403medium · 5.4Missing Authorization

ProfileGrid <= 5.5.1 - Missing Authorization to User Import

Jul 17, 2023 Patched in 5.5.2 (190d)

CVE-2023-0940high · 8.8Missing Authorization

ProfileGrid <= 5.3.0 - Missing Authorization to Arbitrary Password Reset

Feb 27, 2023 Patched in 5.3.1 (477d)

CVE-2022-41791medium · 6.3Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

ProfileGrid <= 5.1.7 - Authenticated (Subscriber+) CSV Injection

Nov 17, 2022 Patched in 5.1.8 (432d)

CVE-2022-36352medium · 5.4Missing Authorization

ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.0.3 - Missing Authorization to Information Exposure

Oct 27, 2022 Patched in 5.0.4 (453d)

CVE-2022-3578medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.1.0 - Reflected Cross-Site Scripting

Oct 19, 2022 Patched in 5.1.1 (461d)

CVE-2022-0233medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ProfileGrid – User Profiles, Memberships, Groups and Communities <= 4.7.4 - Stored Cross-Site Scripting via Profile

Jan 18, 2022 Patched in 4.7.7 (735d)

CVE-2019-15873high · 8.8Improper Control of Generation of Code ('Code Injection')

ProfileGrid – User Profiles, Memberships, Groups and Communities < 2.8.6 - Remote Code Execution

May 18, 2018 Patched in 2.8.6 (2076d)

Code Analysis

Analyzed Mar 16, 2026

ProfileGrid – User Profiles, Groups and Communities Code Analysis

Dangerous Functions

Raw SQL Queries

153 prepared

Unescaped Output

187

5212 escaped

Nonce Checks

117

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

99% prepared154 total queries

Output Escaping

97% escaped5399 total outputs

Data Flows

15 unsanitized

Data Flow Analysis

25 flows15 with unsanitized paths

<pm-export-users> (admin\partials\pm-export-users.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

98 unprotected

ProfileGrid – User Profiles, Groups and Communities Attack Surface

Entry Points160

Unprotected98

AJAX Handlers 98

authwp_ajax_pm_set_field_orderincludes\class-profile-magic.php:211

authwp_ajax_pm_set_group_orderincludes\class-profile-magic.php:212

authwp_ajax_pm_set_group_itemsincludes\class-profile-magic.php:213

authwp_ajax_pm_set_section_orderincludes\class-profile-magic.php:214

authwp_ajax_pm_test_smtpincludes\class-profile-magic.php:215

authwp_ajax_pm_get_rm_helptextincludes\class-profile-magic.php:216

authwp_ajax_pm_section_dropdownincludes\class-profile-magic.php:217

noprivwp_ajax_pm_activate_user_by_emailincludes\class-profile-magic.php:218

authwp_ajax_pm_activate_user_by_emailincludes\class-profile-magic.php:219

authwp_ajax_pm_load_export_fields_dropdownincludes\class-profile-magic.php:235

authwp_ajax_pm_upload_csvincludes\class-profile-magic.php:236

authwp_ajax_pg_post_feedbackincludes\class-profile-magic.php:238

authwp_ajax_pm_upload_jsonincludes\class-profile-magic.php:242

authwp_ajax_pm_dismissible_noticeincludes\class-profile-magic.php:243

authwp_ajax_pm_check_associate_tmplincludes\class-profile-magic.php:245

authwp_ajax_pg_create_group_pageincludes\class-profile-magic.php:258

authwp_ajax_pm_remove_attachment_dashboardincludes\class-profile-magic.php:260

authwp_ajax_pg_fetch_offersincludes\class-profile-magic.php:266

authwp_ajax_pm_wizard_update_group_iconincludes\class-profile-magic.php:268

authwp_ajax_pm_submit_group_wizard_formincludes\class-profile-magic.php:269

authwp_ajax_pm_get_groups_detailsincludes\class-profile-magic.php:270

authwp_ajax_pg_activate_licenseincludes\class-profile-magic.php:272

authwp_ajax_pg_deactivate_licenseincludes\class-profile-magic.php:273

noprivwp_ajax_pm_check_user_existincludes\class-profile-magic.php:321

authwp_ajax_pm_check_user_existincludes\class-profile-magic.php:322

authwp_ajax_pm_change_frontend_user_passincludes\class-profile-magic.php:335

authwp_ajax_pm_upload_imageincludes\class-profile-magic.php:340

authwp_ajax_pm_upload_cover_imageincludes\class-profile-magic.php:341

authwp_ajax_pm_send_change_pass_emailincludes\class-profile-magic.php:342

noprivwp_ajax_pm_send_change_pass_emailincludes\class-profile-magic.php:343

authwp_ajax_pm_advance_user_searchincludes\class-profile-magic.php:344

noprivwp_ajax_pm_advance_user_searchincludes\class-profile-magic.php:345

authwp_ajax_pm_advance_search_get_search_fields_by_gidincludes\class-profile-magic.php:346

noprivwp_ajax_pm_advance_search_get_search_fields_by_gidincludes\class-profile-magic.php:347

authwp_ajax_pm_messenger_send_new_messageincludes\class-profile-magic.php:349

authwp_ajax_pm_messenger_show_threadsincludes\class-profile-magic.php:350

authwp_ajax_pm_messenger_show_messagesincludes\class-profile-magic.php:351

authwp_ajax_pm_messenger_show_thread_userincludes\class-profile-magic.php:352

authwp_ajax_pm_get_messenger_notificationincludes\class-profile-magic.php:353

authwp_ajax_pm_autocomplete_user_searchincludes\class-profile-magic.php:354

authwp_ajax_pm_messenger_delete_threadsincludes\class-profile-magic.php:355

authwp_ajax_pm_messenger_notification_extra_dataincludes\class-profile-magic.php:356

authwp_ajax_pm_unread_message_summaryincludes\class-profile-magic.php:357

authwp_ajax_pm_load_pg_blogsincludes\class-profile-magic.php:359

authwp_ajax_pm_load_user_blogs_shortcode_postsincludes\class-profile-magic.php:360

noprivwp_ajax_pm_load_user_blogs_shortcode_postsincludes\class-profile-magic.php:361

noprivwp_ajax_pm_load_pg_blogsincludes\class-profile-magic.php:362

authwp_ajax_pm_get_rid_by_unameincludes\class-profile-magic.php:363

authwp_ajax_pm_activate_new_threadincludes\class-profile-magic.php:364

authwp_ajax_pm_activate_last_threadincludes\class-profile-magic.php:365

authwp_ajax_pm_get_active_thread_headerincludes\class-profile-magic.php:366

authwp_ajax_pm_messages_mark_as_readincludes\class-profile-magic.php:367

authwp_ajax_pm_messages_mark_as_unreadincludes\class-profile-magic.php:368

authwp_ajax_pg_show_all_threadsincludes\class-profile-magic.php:369

authwp_ajax_pg_search_threadsincludes\class-profile-magic.php:370

authwp_ajax_pg_show_msg_panelincludes\class-profile-magic.php:371

authwp_ajax_pg_delete_msgincludes\class-profile-magic.php:372

authwp_ajax_pm_messenger_delete_threads_popupincludes\class-profile-magic.php:373

authwp_ajax_pm_dismiss_unread_message_toastincludes\class-profile-magic.php:374

authwp_ajax_pm_fetch_my_friendsincludes\class-profile-magic.php:378

authwp_ajax_pm_fetch_my_suggestionincludes\class-profile-magic.php:379

authwp_ajax_pm_add_friend_requestincludes\class-profile-magic.php:380

authwp_ajax_pm_confirm_friend_requestincludes\class-profile-magic.php:381

authwp_ajax_pm_unfriend_friendincludes\class-profile-magic.php:382

authwp_ajax_pm_block_friendincludes\class-profile-magic.php:383

authwp_ajax_pm_reject_friend_requestincludes\class-profile-magic.php:384

authwp_ajax_pm_remove_friend_suggestionincludes\class-profile-magic.php:385

authwp_ajax_pm_get_friends_notificationincludes\class-profile-magic.php:386

authwp_ajax_pm_delete_notificationincludes\class-profile-magic.php:387

authwp_ajax_pm_load_more_notificationincludes\class-profile-magic.php:388

authwp_ajax_pm_read_all_notificationincludes\class-profile-magic.php:389

authwp_ajax_pm_fetch_friend_list_counterincludes\class-profile-magic.php:390

authwp_ajax_pm_refresh_notificationincludes\class-profile-magic.php:391

authwp_ajax_pm_auto_logout_userincludes\class-profile-magic.php:396

authwp_ajax_pm_remove_attachmentincludes\class-profile-magic.php:416

authwp_ajax_pm_edit_group_popup_htmlincludes\class-profile-magic.php:419

authwp_ajax_pm_save_post_statusincludes\class-profile-magic.php:420

authwp_ajax_pm_save_post_content_access_levelincludes\class-profile-magic.php:421

authwp_ajax_pm_save_edit_blog_postincludes\class-profile-magic.php:422

authwp_ajax_pm_save_admin_note_contentincludes\class-profile-magic.php:423

authwp_ajax_pm_send_message_to_authorincludes\class-profile-magic.php:424

authwp_ajax_pm_delete_admin_noteincludes\class-profile-magic.php:425

authwp_ajax_pm_get_all_user_blogs_from_groupincludes\class-profile-magic.php:426

authwp_ajax_pm_invite_userincludes\class-profile-magic.php:427

authwp_ajax_pm_remove_user_from_groupincludes\class-profile-magic.php:428

authwp_ajax_pm_activate_user_in_groupincludes\class-profile-magic.php:429

authwp_ajax_pm_get_all_users_from_groupincludes\class-profile-magic.php:430

noprivwp_ajax_pm_get_all_users_from_groupincludes\class-profile-magic.php:431

authwp_ajax_pm_get_all_groupsincludes\class-profile-magic.php:432

noprivwp_ajax_pm_get_all_groupsincludes\class-profile-magic.php:433

authwp_ajax_pm_deactivate_user_from_groupincludes\class-profile-magic.php:434

authwp_ajax_pm_generate_auto_passwordincludes\class-profile-magic.php:435

authwp_ajax_pm_reset_user_passwordincludes\class-profile-magic.php:436

authwp_ajax_pm_get_pending_post_from_groupincludes\class-profile-magic.php:437

authwp_ajax_pm_remove_user_groupincludes\class-profile-magic.php:439

authwp_ajax_pm_decline_join_group_requestincludes\class-profile-magic.php:441

authwp_ajax_pm_approve_join_group_requestincludes\class-profile-magic.php:442

authwp_ajax_pm_get_all_requests_from_groupincludes\class-profile-magic.php:443

REST API Routes 3

GET/wp-json/profilegrid/v1/groupsblocks\class-profile-magic-block.php:37

GET/wp-json/profilegrid/v1/usersblocks\class-profile-magic-block.php:46

GET/wp-json/profilegrid/v1/pagesblocks\class-profile-magic-block.php:55

Shortcodes 59

[PM_Registration] public\class-profile-magic-public.php:332

[profilegrid_register] public\class-profile-magic-public.php:333

[PM_Group] public\class-profile-magic-public.php:334

[profilegrid_group] public\class-profile-magic-public.php:335

[PM_Groups] public\class-profile-magic-public.php:336

[profilegrid_groups] public\class-profile-magic-public.php:337

[PM_Login] public\class-profile-magic-public.php:338

[profilegrid_login] public\class-profile-magic-public.php:339

[PM_Profile] public\class-profile-magic-public.php:340

[profilegrid_profile] public\class-profile-magic-public.php:341

[PM_Forget_Password] public\class-profile-magic-public.php:342

[profilegrid_forgot_password] public\class-profile-magic-public.php:343

[PM_Password_Reset_Form] public\class-profile-magic-public.php:344

[PM_Search] public\class-profile-magic-public.php:345

[profilegrid_users] public\class-profile-magic-public.php:346

[PM_Messenger] public\class-profile-magic-public.php:347

[PM_User_Blogs] public\class-profile-magic-public.php:348

[profilegrid_user_blogs] public\class-profile-magic-public.php:349

[PM_Add_Blog] public\class-profile-magic-public.php:350

[profilegrid_submit_blog] public\class-profile-magic-public.php:351

[profilegrid_user_image] public\class-profile-magic-public.php:353

[profilegrid_user_display_name] public\class-profile-magic-public.php:354

[profilegrid_user_first_name] public\class-profile-magic-public.php:355

[profilegrid_user_last_name] public\class-profile-magic-public.php:356

[profilegrid_user_email] public\class-profile-magic-public.php:357

[profilegrid_user_cover_image] public\class-profile-magic-public.php:358

[profilegrid_user_default_group] public\class-profile-magic-public.php:359

[profilegrid_user_all_groups] public\class-profile-magic-public.php:360

[profilegrid_user_group_badges] public\class-profile-magic-public.php:361

[profilegrid_unread_notifications] public\class-profile-magic-public.php:362

[profilegrid_unread_messages] public\class-profile-magic-public.php:363

[profilegrid_user_about_area] public\class-profile-magic-public.php:364

[profilegrid_user_groups_area] public\class-profile-magic-public.php:365

[profilegrid_blog_area] public\class-profile-magic-public.php:366

[profilegrid_messaging_area] public\class-profile-magic-public.php:367

[profilegrid_notification_area] public\class-profile-magic-public.php:368

[profilegrid_friends_area] public\class-profile-magic-public.php:369

[profilegrid_settings_area] public\class-profile-magic-public.php:370

[profilegrid_account_options] public\class-profile-magic-public.php:371

[profilegrid_password_options] public\class-profile-magic-public.php:372

[profilegrid_privacy_options] public\class-profile-magic-public.php:373

[profilegrid_delete_options] public\class-profile-magic-public.php:374

[profilegrid_group_cards] public\class-profile-magic-public.php:375

[profilegrid_group_name] public\class-profile-magic-public.php:376

[profilegrid_group_description] public\class-profile-magic-public.php:377

[profilegrid_member_count] public\class-profile-magic-public.php:378

[profilegrid_manager_count] public\class-profile-magic-public.php:379

[profilegrid_group_manager] public\class-profile-magic-public.php:380

[profilegrid_group_manager_list] public\class-profile-magic-public.php:381

[profilegrid_group_members_display_name_in_list] public\class-profile-magic-public.php:382

[profilegrid_members_cards] public\class-profile-magic-public.php:383

[profilegrid_manager_cards] public\class-profile-magic-public.php:384

[profilegrid_show] public\class-profile-magic-public.php:385

[profilegrid_restrict] public\class-profile-magic-public.php:386

[profilegrid_hide] public\class-profile-magic-public.php:387

[profilegrid_show_managers] public\class-profile-magic-public.php:388

[profilegrid_section] public\class-profile-magic-public.php:389

[profilegrid_field] public\class-profile-magic-public.php:390

[profilegrid_edit_profile] public\class-profile-magic-public.php:391

WordPress Hooks 154

filterupload_mimesadmin\class-profile-magic-admin.php:1429

actionmedia_buttonsadmin\partials\email-template.php:108

actionmedia_buttonsadmin\partials\friends-settings.php:167

actionplugins_loadedincludes\class-profile-magic.php:171

filterplugins_loadedincludes\class-profile-magic.php:177

actionphpmailer_initincludes\class-profile-magic.php:190

actioninitincludes\class-profile-magic.php:197

actionrest_api_initincludes\class-profile-magic.php:198

actionblock_categories_allincludes\class-profile-magic.php:199

actionadmin_initincludes\class-profile-magic.php:205

actionadmin_initincludes\class-profile-magic.php:206

actionadmin_enqueue_scriptsincludes\class-profile-magic.php:207

actionadmin_enqueue_scriptsincludes\class-profile-magic.php:208

actionadmin_menuincludes\class-profile-magic.php:209

actionadmin_menuincludes\class-profile-magic.php:210

actionshow_user_profileincludes\class-profile-magic.php:221

actionedit_user_profileincludes\class-profile-magic.php:222

actionpersonal_options_updateincludes\class-profile-magic.php:223

actionedit_user_profile_updateincludes\class-profile-magic.php:224

actionuser_new_formincludes\class-profile-magic.php:226

actionuser_registerincludes\class-profile-magic.php:227

actionwpmu_new_userincludes\class-profile-magic.php:228

actionwpmu_new_blogincludes\class-profile-magic.php:229

actionprofile_magic_setting_optionincludes\class-profile-magic.php:231

actionprofile_magic_group_membership_optionincludes\class-profile-magic.php:232

actionprofile_magic_premium_group_optionincludes\class-profile-magic.php:233

filterupload_mimesincludes\class-profile-magic.php:237

actionprofilegrid_shortcode_descincludes\class-profile-magic.php:239

actionprofilegrid_shortcode_descincludes\class-profile-magic.php:240

actionprofilegrid_shortcode_descincludes\class-profile-magic.php:241

actionadmin_noticesincludes\class-profile-magic.php:244

actionadmin_noticesincludes\class-profile-magic.php:246

actionwidgets_initincludes\class-profile-magic.php:247

actioninitincludes\class-profile-magic.php:248

actionpg_groupleader_assign_removeincludes\class-profile-magic.php:249

actionadmin_noticesincludes\class-profile-magic.php:250

actionrm_form_type_changedincludes\class-profile-magic.php:251

actionrm_form_deletedincludes\class-profile-magic.php:252

actionadmin_noticesincludes\class-profile-magic.php:253

actionrm_user_deactivatedincludes\class-profile-magic.php:254

actionwidgets_initincludes\class-profile-magic.php:255

actionwidgets_initincludes\class-profile-magic.php:256

actionadmin_initincludes\class-profile-magic.php:257

actionuser_edit_form_tagincludes\class-profile-magic.php:259

actionprofile_magic_available_extensionsincludes\class-profile-magic.php:262

filterregister_post_type_argsincludes\class-profile-magic.php:263

actionadmin_initincludes\class-profile-magic.php:264

actionadmin_initincludes\class-profile-magic.php:265

actionpg_customization_extension_htmlincludes\class-profile-magic.php:271

actionadmin_noticesincludes\class-profile-magic.php:275

actionadd_meta_boxesincludes\class-profile-magic.php:282

actionsave_postincludes\class-profile-magic.php:283

filterthe_contentincludes\class-profile-magic.php:284

filterthe_excerptincludes\class-profile-magic.php:285

actioncomment_postincludes\class-profile-magic.php:291

filterheartbeat_receivedincludes\class-profile-magic.php:293

actionadded_post_metaincludes\class-profile-magic.php:295

actiontransition_post_statusincludes\class-profile-magic.php:296

actionadded_post_metaincludes\class-profile-magic.php:298

actionwp_enqueue_scriptsincludes\class-profile-magic.php:310

actionwp_enqueue_scriptsincludes\class-profile-magic.php:311

actioninitincludes\class-profile-magic.php:312

actionwp_loginincludes\class-profile-magic.php:314

actionwp_logoutincludes\class-profile-magic.php:315

actionlogin_form_lostpasswordincludes\class-profile-magic.php:316

actionlogin_form_lostpasswordincludes\class-profile-magic.php:317

actionpassword_resetincludes\class-profile-magic.php:318

actionlogin_form_rpincludes\class-profile-magic.php:319

actionlogin_form_resetpassincludes\class-profile-magic.php:320

actionlogin_form_rpincludes\class-profile-magic.php:324

actionlogin_form_resetpassincludes\class-profile-magic.php:325

filterlogin_messageincludes\class-profile-magic.php:326

filterregister_urlincludes\class-profile-magic.php:327

filterlogin_redirectincludes\class-profile-magic.php:328

filterget_avatarincludes\class-profile-magic.php:329

filterbp_core_fetch_avatarincludes\class-profile-magic.php:330

filterbp_core_fetch_avatar_urlincludes\class-profile-magic.php:331

filterretrieve_password_messageincludes\class-profile-magic.php:333

actionprofile_magic_registration_processincludes\class-profile-magic.php:336

actionprofile_magic_show_captchaincludes\class-profile-magic.php:337

actionprofile_magic_registration_processincludes\class-profile-magic.php:338

actionprofile_magic_before_registration_formincludes\class-profile-magic.php:339

actioninitincludes\class-profile-magic.php:358

actionprofile_magic_profile_tabincludes\class-profile-magic.php:376

actionprofile_magic_custom_fields_htmlincludes\class-profile-magic.php:392

filterprofile_magic_check_payment_configincludes\class-profile-magic.php:393

filterauthor_linkincludes\class-profile-magic.php:394

actioninitincludes\class-profile-magic.php:395

actionwp_footerincludes\class-profile-magic.php:397

filterpg_whitelisted_wpadmin_accessincludes\class-profile-magic.php:398

actionpg_blocked_user_ipincludes\class-profile-magic.php:399

filterauthenticateincludes\class-profile-magic.php:400

actionpg_blocked_user_emailincludes\class-profile-magic.php:401

filterpm_frontend_server_validationincludes\class-profile-magic.php:402

filterpm_frontend_server_validationincludes\class-profile-magic.php:403

actiondelete_userincludes\class-profile-magic.php:404

actionwpmu_delete_userincludes\class-profile-magic.php:405

filterwp_titleincludes\class-profile-magic.php:406

filterpre_get_document_titleincludes\class-profile-magic.php:407

actionwp_headincludes\class-profile-magic.php:408

filterregistration_errorsincludes\class-profile-magic.php:409

filterget_comment_authorincludes\class-profile-magic.php:411

filtercomment_authorincludes\class-profile-magic.php:412

actionpublish_profilegrid_blogsincludes\class-profile-magic.php:413

actioninitincludes\class-profile-magic.php:414

filterget_comment_author_linkincludes\class-profile-magic.php:415

actionwp_footerincludes\class-profile-magic.php:417

actionprofile_magic_join_paid_group_processincludes\class-profile-magic.php:440

actioninitincludes\class-profile-magic.php:444

actionclean_user_online_statusincludes\class-profile-magic.php:445

actionclear_auth_cookieincludes\class-profile-magic.php:446

actionrm_submission_completedincludes\class-profile-magic.php:448

actionrm_payment_completedincludes\class-profile-magic.php:449

actionprofile_magic_profile_settings_tabincludes\class-profile-magic.php:450

actionrm_payment_completedincludes\class-profile-magic.php:451

actionprofile_magic_profile_settings_tabincludes\class-profile-magic.php:452

actionprofile_magic_profile_settings_tab_contentincludes\class-profile-magic.php:453

actionprofile_magic_profile_settings_tabincludes\class-profile-magic.php:454

actionprofile_magic_profile_settings_tab_contentincludes\class-profile-magic.php:455

actionprofile_magic_profile_settings_tabincludes\class-profile-magic.php:456

actionprofile_magic_profile_settings_tab_contentincludes\class-profile-magic.php:457

actionprofile_magic_profile_settings_tabincludes\class-profile-magic.php:458

actionprofile_magic_profile_settings_tab_contentincludes\class-profile-magic.php:459

actionprofile_magic_profile_settings_tabincludes\class-profile-magic.php:460

actionprofile_magic_profile_settings_tab_contentincludes\class-profile-magic.php:461

actionprofile_magic_profile_settings_tabincludes\class-profile-magic.php:462

actionprofile_magic_profile_settings_tab_contentincludes\class-profile-magic.php:463

actionprofile_magic_profile_settings_tabincludes\class-profile-magic.php:464

actionprofile_magic_profile_settings_tab_contentincludes\class-profile-magic.php:465

filterlostpassword_urlincludes\class-profile-magic.php:466

actionpm_send_message_notificationincludes\class-profile-magic.php:467

filterprofile_magic_get_frontend_urlincludes\class-profile-magic.php:468

filterrm_profile_imageincludes\class-profile-magic.php:469

actionpg_user_leave_groupincludes\class-profile-magic.php:470

actionprofile_magic_profile_tabsincludes\class-profile-magic.php:471

actionprofile_magic_profile_tab_content_pg-aboutincludes\class-profile-magic.php:472

actionprofile_magic_profile_tab_content_pg-groupsincludes\class-profile-magic.php:473

actionprofile_magic_profile_tab_content_pg-blogincludes\class-profile-magic.php:474

actionprofile_magic_profile_tab_content_pg-messagesincludes\class-profile-magic.php:475

actionprofile_magic_profile_tab_content_pg-notificationsincludes\class-profile-magic.php:476

actionprofile_magic_profile_tab_content_pg-friendsincludes\class-profile-magic.php:477

actionprofile_magic_profile_tab_content_pg-settingsincludes\class-profile-magic.php:478

actionwp_enqueue_scriptsincludes\class-profile-magic.php:479

actionwp_enqueue_scriptsincludes\class-profile-magic.php:480

actionwp_enqueue_scriptsincludes\class-profile-magic.php:481

actionprofilegrid_payment_completeincludes\class-profile-magic.php:482

actionwoo_wallet_payment_processedincludes\class-profile-magic.php:483

actionwoocommerce_payment_completeincludes\class-profile-magic.php:484

filterpm_get_all_groups_data_additionalincludes\class-profile-magic.php:485

filterbody_classincludes\class-profile-magic.php:486

filtercomment_form_defaultsincludes\class-profile-magic.php:487

actionrest_api_initincludes\class-profile-magic.php:493

actionadmin_menuincludes\class-profile-magic.php:494

filterwp_mail_content_typepublic\class-profile-magic-public.php:776

Maintenance & Trust

ProfileGrid – User Profiles, Groups and Communities Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 12, 2026

PHP min version7.4

Downloads1.1M

Community Trust

Rating92/100

Number of ratings234

Active installs6K

Alternatives

ProfileGrid – User Profiles, Groups and Communities Alternatives

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

ultimate-member

Membership & community plugin with user profiles, registration & login, member directories, content restriction, user roles and much more.

200K 68 CVEs

Ultimate Member – reCAPTCHA

um-recaptcha

Stop bots on your registration & login forms with Google reCAPTCHA

20K No CVEs

WP User Manager – User Profile Builder & Membership

wp-user-manager

The most customizable profiles & community builder WordPress plugin with front-end login, registration, profile customization and content restriction.

10K 7 CVEs

Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress

youzify

The best BuddyPress plugin for building online communities, user profile, social networks, and membership sites on WordPress with tons of features.

6K 1 unpatched

Ultimate Member – Terms & Conditions

um-terms-conditions

Add a terms and condition checkbox to your registration forms & require users to agree to your T&Cs before registering on your site.

5K No CVEs

Developer Profile

ProfileGrid – User Profiles, Groups and Communities Developer Profile

Metagauss

7 plugins · 79K total installs

trust score

Avg Security Score

90/100

Avg Patch Time

250 days

View full developer profile

Detection Fingerprints

How We Detect ProfileGrid – User Profiles, Groups and Communities

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/admin/css/daterangepicker.css/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/admin/css/font-awesome.css/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/admin/css/profile-magic-admin.css/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/admin/css/smoothness-jquery-ui.min.css/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/public/css/profile-magic-public.css/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/public/js/jquery.cookie.js/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/public/js/jquery.infinite-scroll.js/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/public/js/jquery.multi-select.js+6 more

Script Paths

/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/admin/js/profile-magic-admin.js/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/public/js/profile-magic-public.js

Version Parameters

profilegrid-user-profiles-groups-and-communities/admin/css/daterangepicker.css?ver=profilegrid-user-profiles-groups-and-communities/admin/css/font-awesome.css?ver=profilegrid-user-profiles-groups-and-communities/admin/css/profile-magic-admin.css?ver=profilegrid-user-profiles-groups-and-communities/admin/css/smoothness-jquery-ui.min.css?ver=profilegrid-user-profiles-groups-and-communities/public/css/profile-magic-public.css?ver=profilegrid-user-profiles-groups-and-communities/public/js/jquery.cookie.js?ver=profilegrid-user-profiles-groups-and-communities/public/js/jquery.infinite-scroll.js?ver=profilegrid-user-profiles-groups-and-communities/public/js/jquery.multi-select.js?ver=profilegrid-user-profiles-groups-and-communities/public/js/jquery.perfect-scrollbar.min.js?ver=profilegrid-user-profiles-groups-and-communities/public/js/jquery.scrollUp.js?ver=profilegrid-user-profiles-groups-and-communities/public/js/jquery.tinyscrollbar.js?ver=profilegrid-user-profiles-groups-and-communities/public/js/pm-public.js?ver=profilegrid-user-profiles-groups-and-communities/public/js/profile-magic-public.js?ver=profilegrid-user-profiles-groups-and-communities/public/js/sweetalert.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

pm-profile-formpm-group-formpm-user-profile-wrapperpm-group-listingpm-member-listingpg-profile-field-wrapperprofilegrid_user_profileprofilegrid_group_profile+3 more

HTML Comments

+4 more

Data Attributes

data-profilegrid-iddata-profilegrid-typedata-pg-group-iddata-pg-user-iddata-pm-field-id

JS Globals

ProfileGridPM_datapm_varsprofile_magic_object

REST Endpoints

/wp-json/profilegrid/v1/users/wp-json/profilegrid/v1/groups/wp-json/profilegrid/v1/fields/wp-json/profilegrid/v1/members

Shortcode Output

[profilegrid_user_profile][profilegrid_group_listing][profilegrid_member_listing][profilegrid_registration_form]

FAQ