CVE-2026-57759
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk4th percentile — higher than 4% of all known CVEs
Summary
The ProfileGrid plugin version 5.9.9.7 and earlier contains an unauthenticated Cross-Site Request Forgery (CSRF) vulnerability. An attacker can trick a logged-in administrator into performing unintended actions without their knowledge.
Risk Assessment
The risk involves an attacker being able to execute administrative actions on behalf of the victim, potentially leading to unauthorized configuration changes, data deletion, or privilege escalation.
Recommendation
It is recommended to immediately update the ProfileGrid plugin to the latest available version that fixes this vulnerability. Additionally, implement CSRF protection mechanisms such as anti-CSRF tokens.
Original NVD description (English source)
Unauthenticated Cross Site Request Forgery (CSRF) in ProfileGrid <= 5.9.9.7 versions.

