CVE-2019-15873
The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pm_template_preview&html=https://wordpress.org/plugins/profilegrid-user-profiles-groups-and-communities/#developers