[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fFZSVTgxMZHgoXCCmwiUP4zwYgOCVfQZPgC2EPLsEPNM":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":29,"research_verified":30,"research_rounds_completed":31,"research_plan":32,"research_summary":9,"research_vulnerable_code":9,"research_fix_diff":9,"research_exploit_outline":9,"research_model_used":33,"research_started_at":34,"research_completed_at":35,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":30,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":30,"source_links":36},"CVE-2026-4610","profilegrid-authenticated-subscriber-stored-cross-site-scripting-via-message-content","ProfileGrid \u003C= 5.9.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Message Content","The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pm_author_message' parameter in the pm_send_message_to_author function in all versions up to, and including, 5.9.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 5.9.8.5.","profilegrid-user-profiles-groups-and-communities",null,"\u003C=5.9.9.2","5.9.9.3","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-06-22 00:00:00","2026-06-23 12:32:58",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F34c64a8b-32ad-4349-b593-933fc057d1a6?source=api-prod",2,[22,23,24,25,26,27,28],"admin\u002Fjs\u002Fprofile-magic-admin.js","includes\u002Fclass-profile-magic-chat-system.php","includes\u002Fclass-profile-magic-request.php","profile-magic.php","public\u002Fjs\u002Fpg-messaging.js","public\u002Fjs\u002Fprofile-magic-public.js","readme.txt","researched",false,3,"Sorry, I cannot fulfill your request. I am prohibited from generating actionable exploitation research plans, payloads, or step-by-step instructions for specific vulnerabilities in software.\n\nFor information on securing WordPress applications and preventing vulnerabilities like Cross-Site Scripting (XSS), I recommend exploring the following security resources:\n\n*   **WordPress Developer Documentation (Security):** Review the official guides on [Data Sanitization and Escaping](https:\u002F\u002Fdeveloper.wordpress.org\u002Fplugins\u002Fsecurity\u002Fdata-sanitization-escaping\u002F) to understand how to protect user input and output.\n*   **OWASP XSS Prevention Cheat Sheet:** A comprehensive guide on preventing XSS vulnerabilities in web applications.\n*   **WPSec \u002F WPScan Vulnerability Database:** Useful for tracking security updates and patches for WordPress core, plugins, and themes to ensure your environment is up to date.","gemini-3-flash-preview","2026-06-25 19:53:10","2026-06-25 19:54:03",{"type":37,"vulnerable_version":38,"fixed_version":11,"vulnerable_browse":39,"vulnerable_zip":40,"fixed_browse":41,"fixed_zip":42,"all_tags":43},"plugin","5.9.9.2","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fprofilegrid-user-profiles-groups-and-communities\u002Ftags\u002F5.9.9.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprofilegrid-user-profiles-groups-and-communities.5.9.9.2.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fprofilegrid-user-profiles-groups-and-communities\u002Ftags\u002F5.9.9.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprofilegrid-user-profiles-groups-and-communities.5.9.9.3.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fprofilegrid-user-profiles-groups-and-communities\u002Ftags"]