Description
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘pm_get_messenger_notification’ function in all versions up to, and including, 5.9.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a logged-in user into performing an action such as clicking on a link.
Product(s):
- Metagauss ProfileGrid for WordPress
- Metagauss ProfileGrid 1.0.1 for WordPress
- Metagauss ProfileGrid 1.0.2 for WordPress
- Metagauss ProfileGrid 1.0.3 for WordPress
- Metagauss ProfileGrid 1.0.4 for WordPress
- Metagauss ProfileGrid 1.0.5 for WordPress
- Metagauss ProfileGrid 1.0.6 for WordPress
- Metagauss ProfileGrid 1.0.7 for WordPress
- Metagauss ProfileGrid 1.0.8 for WordPress
- Metagauss ProfileGrid 1.0.9 for WordPress
- Metagauss ProfileGrid 1.0 for WordPress
- Metagauss ProfileGrid 1.1.0 for WordPress
- Metagauss ProfileGrid 1.1.1 for WordPress
- Metagauss ProfileGrid 1.1.2 for WordPress
- Metagauss ProfileGrid 1.1.3 for WordPress
- Metagauss ProfileGrid 1.1.4 for WordPress
- Metagauss ProfileGrid 1.1.5 for WordPress
- Metagauss ProfileGrid 1.1.6 for WordPress
- Metagauss ProfileGrid 1.1.7 for WordPress
- Metagauss ProfileGrid 1.1.8 for WordPress
- Metagauss ProfileGrid 1.1.9 for WordPress
- Metagauss ProfileGrid 1.2.0 for WordPress
- Metagauss ProfileGrid 1.2.1 for WordPress
- Metagauss ProfileGrid 1.2.2 for WordPress
- Metagauss ProfileGrid 1.2.3 for WordPress
- Metagauss ProfileGrid 1.2.4 for WordPress
- Metagauss ProfileGrid 1.2.5 for WordPress
- Metagauss ProfileGrid 1.2.6 for WordPress
- Metagauss ProfileGrid 1.2.7 for WordPress
- Metagauss ProfileGrid 1.2.8 for WordPress
- Metagauss ProfileGrid 1.2.9 for WordPress
- Metagauss ProfileGrid 1.3.0 for WordPress
- Metagauss ProfileGrid 1.3.1 for WordPress
- Metagauss ProfileGrid 1.3.2 for WordPress
- Metagauss ProfileGrid 1.3.3 for WordPress
- Metagauss ProfileGrid 1.4.0 for WordPress
- Metagauss ProfileGrid 1.4.1 for WordPress
- Metagauss ProfileGrid 1.4.2 for WordPress
- Metagauss ProfileGrid 1.4.3 for WordPress
- Metagauss ProfileGrid 1.4.4 for WordPress
- Metagauss ProfileGrid 1.4.5 for WordPress
- Metagauss ProfileGrid 1.4.6 for WordPress
- Metagauss ProfileGrid 1.4.7 for WordPress
- Metagauss ProfileGrid 2.0.0 for WordPress
- Metagauss ProfileGrid 2.0.1 for WordPress
- Metagauss ProfileGrid 2.2.0 for WordPress
- Metagauss ProfileGrid 2.2.1 for WordPress
- Metagauss ProfileGrid 2.3.0 for WordPress
- Metagauss ProfileGrid 2.3.1 for WordPress
- Metagauss ProfileGrid 2.3.2 for WordPress
- Metagauss ProfileGrid 2.3.3 for WordPress
- Metagauss ProfileGrid 2.3.4 for WordPress
- Metagauss ProfileGrid 2.3.5 for WordPress
- Metagauss ProfileGrid 2.3.6 for WordPress
- Metagauss ProfileGrid 2.3.7 for WordPress
- Metagauss ProfileGrid 2.3.8 for WordPress
- Metagauss ProfileGrid 2.3.9 for WordPress
- Metagauss ProfileGrid 2.4.0 for WordPress
- Metagauss ProfileGrid 2.4.1 for WordPress
- Metagauss ProfileGrid 2.4.2 for WordPress
- Metagauss ProfileGrid 2.4.3 for WordPress
- Metagauss ProfileGrid 2.4.4 for WordPress
- Metagauss ProfileGrid 2.4.5 for WordPress
- Metagauss ProfileGrid 2.4.6 for WordPress
- Metagauss ProfileGrid 2.4.7 for WordPress
- Metagauss ProfileGrid 2.4.8 for WordPress
- Metagauss ProfileGrid 2.4.9 for WordPress
- Metagauss ProfileGrid 2.5.0 for WordPress
- Metagauss ProfileGrid 2.6.0 for WordPress
- Metagauss ProfileGrid 2.6.1 for WordPress
- Metagauss ProfileGrid 2.6.2 for WordPress
- Metagauss ProfileGrid 2.6.3 for WordPress
- Metagauss ProfileGrid 2.6.4 for WordPress
- Metagauss ProfileGrid 2.6.5 for WordPress
- Metagauss ProfileGrid 2.6.6 for WordPress
- Metagauss ProfileGrid 2.6.7 for WordPress
- Metagauss ProfileGrid 2.6.8 for WordPress
- Metagauss ProfileGrid 2.6.9 for WordPress
- Metagauss ProfileGrid 2.7.0 for WordPress
- Metagauss ProfileGrid 2.7.1 for WordPress
- Metagauss ProfileGrid 2.7.2 for WordPress
- Metagauss ProfileGrid 2.7.3 for WordPress
- Metagauss ProfileGrid 2.7.4 for WordPress
- Metagauss ProfileGrid 2.7.5 for WordPress
- Metagauss ProfileGrid 2.7.6 for WordPress
- Metagauss ProfileGrid 2.7.7 for WordPress
- Metagauss ProfileGrid 2.7.8 for WordPress
- Metagauss ProfileGrid 2.7.9 for WordPress
- Metagauss ProfileGrid 2.8.0 for WordPress
- Metagauss ProfileGrid 2.8.1 for WordPress
- Metagauss ProfileGrid 2.8.2 for WordPress
- Metagauss ProfileGrid 2.8.3 for WordPress
- Metagauss ProfileGrid 2.8.4 for WordPress
- Metagauss ProfileGrid 2.8.5 for WordPress
- Metagauss ProfileGrid 2.8.6 for WordPress
- Metagauss ProfileGrid 2.8.7 for WordPress
- Metagauss ProfileGrid 2.8.8 for WordPress
- Metagauss ProfileGrid 2.8.9 for WordPress
- Metagauss ProfileGrid 2.9.0 for WordPress
- +249 additional
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2025-6977, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2025-6977 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.
References:
- http://webappsec.pbworks.com/Cross-Site+Scripting
- https://capec.mitre.org/data/definitions/209.html
- https://capec.mitre.org/data/definitions/588.html
- https://capec.mitre.org/data/definitions/591.html
- https://capec.mitre.org/data/definitions/592.html
- https://capec.mitre.org/data/definitions/63.html
- https://capec.mitre.org/data/definitions/85.html
- https://nvd.nist.gov/vuln/detail/CVE-2025-6977