CVE Catalog

CVE-2026-57759

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.14%

4th percentile — higher than 4% of all known CVEs

Summary

The ProfileGrid plugin version 5.9.9.7 and earlier contains an unauthenticated Cross-Site Request Forgery (CSRF) vulnerability. An attacker can trick a logged-in administrator into performing unintended actions without their knowledge.

Risk Assessment

The risk involves an attacker being able to execute administrative actions on behalf of the victim, potentially leading to unauthorized configuration changes, data deletion, or privilege escalation.

Recommendation

It is recommended to immediately update the ProfileGrid plugin to the latest available version that fixes this vulnerability. Additionally, implement CSRF protection mechanisms such as anti-CSRF tokens.

Original NVD description (English source)

Unauthenticated Cross Site Request Forgery (CSRF) in ProfileGrid <= 5.9.9.7 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS