Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1794+ Articles
149+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
  1. Home
  2. Security
  3. CVE-2026-12073: ProfileGrid WordPress Plugin Critical Privilege Escalation
CVE-2026-12073: ProfileGrid WordPress Plugin Critical Privilege Escalation

Critical Security Alert

This vulnerability is actively being exploited. Immediate action is recommended.

SECURITYCRITICALCVE-2026-12073

CVE-2026-12073: ProfileGrid WordPress Plugin Critical Privilege Escalation

A critical CVSS 9.8 vulnerability in the ProfileGrid WordPress plugin allows unauthenticated attackers to take over any user account and escalate...

Dylan H.

Security Team

June 30, 2026
3 min read

Affected Products

  • ProfileGrid – User Profiles, Groups and Communities WordPress plugin <= 5.9.9.5

Overview

A critical privilege escalation vulnerability (CVE-2026-12073) has been disclosed in the ProfileGrid – User Profiles, Groups and Communities plugin for WordPress. With a CVSS score of 9.8 (Critical), this flaw allows unauthenticated remote attackers to take over arbitrary user accounts, including administrator accounts, without requiring any prior authentication.

All versions of the plugin up to and including 5.9.9.5 are confirmed vulnerable.

Technical Details

The root cause of CVE-2026-12073 lies in how the plugin handles user registration forms. Specifically, the plugin fails to validate the user_login parameter on certain registration form variants that are designed to omit that field. An attacker can craft a registration request that specifies an arbitrary existing username, causing the plugin to associate the new registration session or token with a different account.

This account takeover mechanism then enables privilege escalation — an unauthenticated attacker can target an existing administrator account, assume control of it, and gain full administrative access to the WordPress installation.

Key technical factors:

  • No authentication required — the attack is fully unauthenticated
  • Any account targetable — attackers can target any existing user including admins
  • Registration form abuse — triggered via crafted registration requests
  • Missing input validation — user_login parameter not validated on specific form types

Impact

The impact of this vulnerability is severe:

  • Full site compromise — administrative access enables theme/plugin installation, code execution, and data exfiltration
  • Database access — WordPress admins can read and modify all site content and user data
  • Backdoor installation — attackers commonly install webshells or malicious plugins post-compromise
  • Multi-site environments — in WordPress Multisite setups, a single super-admin compromise can cascade across all subsites

The ProfileGrid plugin is widely deployed across community-driven WordPress sites, membership portals, and social network plugins, making the attack surface significant.

Affected Versions

ComponentAffected Versions
ProfileGrid – User Profiles, Groups and CommunitiesAll versions <= 5.9.9.5

Remediation

WordPress site administrators should take the following steps immediately:

  1. Update the plugin to the latest patched version as soon as it becomes available via the WordPress plugin repository
  2. Audit user accounts — review recently created administrator or elevated accounts for unauthorized activity
  3. Review access logs — check for unusual registration activity or account logins around the disclosure date
  4. Consider temporary deactivation if an update is not yet available and the plugin is not business-critical
  5. Enable WAF rules if your hosting provider or security plugin (Wordfence, Sucuri) offers virtual patching

CVSS Score Breakdown

MetricValue
Base Score9.8 Critical
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh

References

  • NVD Entry – CVE-2026-12073
  • WordPress Plugin Repository – ProfileGrid
#CVE#WordPress#Privilege Escalation#Account Takeover#NVD

Related Articles

CVE-2026-9851: WordPress Booking Package Plugin Privilege Escalation via Account Takeover

A high-severity privilege escalation vulnerability in the Booking Package WordPress plugin allows unauthenticated or low-privileged attackers to take over…

2 min read

CVE-2026-8206: Kirki WordPress Plugin Critical Privilege Escalation via Account Takeover

The Kirki Freeform Page Builder plugin for WordPress (versions 6.0.0–6.0.6) allows unauthenticated attackers to take over any user account during password…

5 min read

CVE-2026-4321: Critical SQL Injection in Raera Destekz Plugin (No Patch Available)

A CVSS 9.8 critical SQL injection in the Destekz plugin by Raera - Ankara Web Design allows unauthenticated remote attackers full database access. The...

2 min read
Back to all Security Alerts