A vulnerability, which was classified as problematic , has been found in metagauss ProfileGrid Plugin up to 5.9.9.2 on WordPress. This affects the function pm_send_message_to_author of the component User Profile Handler . Performing a manipulation of the argument pm_author_message results in cross site scripting. This vulnerability is identified as CVE-2026-4610 . The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.