CVE-2026-57697 HIGH

CVE-2026-57697: WordPress ProfileGrid plugin <= 5.9.9.6 - Broken Authentication vulnerability

Vendor Metagauss
Product ProfileGrid
Weakness CWE-288
Published July 13, 2026
Last update July 13, 2026

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01Description

Authentication Bypass Using an Alternate Path or Channel vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Password Recovery Exploitation.This issue affects ProfileGrid : from n/a through <= 5.9.9.6.

Explanation of Vulnerability in Simple Terms

02Summary

ProfileGrid versions up to 5.9.9.6 contain an authentication bypass vulnerability that allows unauthenticated attackers to modify data on the site. The vulnerability stems from insufficient authentication checks in the application logic. No user interaction is required to exploit this issue. Site administrators should update to a version newer than 5.9.9.6 immediately.

What an attacker can do

03Attacker Capabilities

Modify site data without logging in or providing credentials.

Potential impact on your site

04Site Impact

Attackers can alter content, user profiles, or settings without authorization.

Conditions required to exploit

05Prerequisites

Network access to the site; no authentication or user interaction required.

Key dates

06Disclosure timeline

July 13, 2026 CVE published
July 13, 2026 Record updated